CVE-2007-3540 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2007-3540

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060.

Affected Software

Name	Vendor	Start Version	End Version
Rwauction_pro	Rainworx	5.0 (including)	5.0 (including)

References

http://osvdb.org/36347
http://pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html
http://secunia.com/advisories/25849
http://www.securityfocus.com/bid/24668
http://www.vupen.com/english/advisories/2007/2368
http://osvdb.org/36347
http://pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html
http://secunia.com/advisories/25849
http://www.securityfocus.com/bid/24668
http://www.vupen.com/english/advisories/2007/2368