Intrusion Prevention

RWAuction.Pro.Search.ASP.XSS

Description

A cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 allows remote attackers to inject an arbitrary web script or HTML via the searchtxt parameter.

Affected Products

rwAuction Pro version 4.0 and prior.

Impact

Gain Access.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2005-4060