Unrated severityNVD Advisory· Published Jan 16, 2006· Updated Apr 16, 2026

CVE-2006-0217

Description

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.

Affected products

Ultimate Auction/Ultimate Auction
cpe:2.3:a:ultimate_auction:ultimate_auction:3.67:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2006-01/0517.htmlnvdExploit
secunia.com/advisories/18477nvdExploitVendor Advisory
www.securityfocus.com/bid/16239nvdExploit
www.osvdb.org/22443nvd
www.osvdb.org/22444nvd
www.securityfocus.com/bid/16254nvd
www.vupen.com/english/advisories/2006/0187nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24138nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000