Unrated severityNVD Advisory· Published May 29, 2002· Updated Apr 16, 2026

CVE-2002-0257

Description

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Affected products

Apache/HTTP Server5 versions
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
Usanet Creations/Makebid Auction Deluxe
cpe:2.3:a:usanet_creations:makebid_auction_deluxe:3.30:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.iss.net/security_center/static/8161.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/4069nvdPatchVendor Advisory
marc.infonvd
www.netcreations.addr.com/dcforum/DCForumID2/126.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000