Mewsoft NetAuction 3.0 - Cross-Site Scripting
Author: windows-1256
type: webapps
platform: cgi
port: nan
date_added: 2002-06-14
date_updated: 2012-09-27
verified: 1
codes: CVE-2002-1703;OSVDB-21556
tags:
aliases:
screenshot_url:
application_url:
source: https://www.securityfocus.com/bid/5023/info
NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious link. The attacker-supplied HTML code will be executed in the browser of a web user who visits this link, in the security context of the host running NetAuction. Such a link might be included in an HTML e-mail or on a malicious webpage.
http://www.xxxx.com/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search
&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('OopS');</script>&
Where=&Sort=Photo&Dir=
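
The request above, parsed and rendered with and without output encoding. This is an added example, not NetAuction's code: the "Search results for" fragment and all function names are assumptions made to show where the `Terms` value has to be HTML-encoded before it is written into the response.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Request from the advisory, joined onto one line (the host is the advisory's placeholder).
ADVISORY_URL = (
    "http://www.xxxx.com/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search"
    "&Page=0&Cat_ID=&Lang=English&Search=All"
    "&Terms=<script>alert('OopS');</script>&Where=&Sort=Photo&Dir="
)


def query_params(url):
    """Return the first value of each query parameter, URL-decoded."""
    parsed = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def render_unescaped(terms):
    """Behaviour the advisory describes: the parameter is copied into the page as-is.
    The page fragment itself is hypothetical."""
    return "<p>Search results for: " + terms + "</p>"


def render_escaped(terms):
    """Hardened form: encode <, >, &, and both quote characters so the value
    is displayed as text instead of being parsed as markup."""
    return "<p>Search results for: " + html.escape(terms, quote=True) + "</p>"


def reflects_markup(page, value):
    """Regression check: True if a value containing markup appears unencoded in the page."""
    return ("<" in value or ">" in value) and value in page


if __name__ == "__main__":
    terms = query_params(ADVISORY_URL)["Terms"]
    for render in (render_unescaped, render_escaped):
        page = render(terms)
        print(render.__name__, "reflects markup:", reflects_markup(page, terms))
        print("  ", page)
```

The same encoding applies to every parameter the script echoes back, not only `Terms`.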