CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Ubidauction Subscriptions

Total 8 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-50962	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVE-2022-50963	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVE-2022-50964	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVE-2022-50965	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVE-2022-50966	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVE-2022-50967	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVE-2022-50968	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVE-2022-50969	1 Ubidauction	1 Ubidauction	2026-05-11	6.1 Medium
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.

Page 1 of 1.