Reflected Cross-Site Scripting Vulnerability in uBidAuction by uBid
CVE-2022-50964

5.1 MEDIUM

Key Information:

Vendor
CVE Published: 10 May 2026

Badges

Exploit Exists

What is CVE-2022-50964?

uBidAuction version 2.0.1 is susceptible to reflected cross-site scripting (XSS) in the auctions/myAuctions/status/loose module. The vulnerability exists due to insufficient sanitization of the date_created, date_from, date_to, and created_at parameters within the filter mechanism. This flaw enables remote attackers to execute scripts in the context of a user's browser through crafted GET requests, potentially leading to the theft of sensitive information or further exploitation.
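
One way to look for requests that hit this filter with non-date data in web server access logs, as an added example (not code from the advisory or the vendor). It assumes combined-log-style request fields, that legitimate filter values contain only digits and date separators, and that parameter keys may appear bracketed; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path and parameter names as given in the advisory text.
VULN_PATH = "auctions/myauctions/status/loose"
DATE_PARAMS = {"date_created", "date_from", "date_to", "created_at"}
# Assumption: a legitimate date filter value holds only digits and
# date/time separators; anything else is worth a look.
DATE_VALUE = re.compile(r"[0-9T:/. -]*")
# Assumption: request field looks like "GET <target> HTTP/x.y".
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for date filters holding non-date data."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if VULN_PATH not in target.path.lower():
        return []
    hits = []
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        # Accept plain keys and bracketed forms such as Model[date_from]
        # (the bracketed form is an assumption, not stated in the advisory).
        name = key.rstrip("]").rsplit("[", 1)[-1]
        if name in DATE_PARAMS and not DATE_VALUE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = [(n, suspicious_params(l)) for n, l in enumerate(lines, 1)]
    return [(n, h) for n, h in results if h]

# Constructed sample access-log lines (documentation IP range).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2026:10:01:02 +0000] "GET /auctions/myAuctions'
    '/status/loose?date_from=2022-01-01&date_to=2022-02-01 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/May/2026:10:01:09 +0000] "GET /auctions/myAuctions'
    '/status/loose?date_created=2022-01-01%22%3E%3Cb%3E HTTP/1.1" 200 5177',
    '203.0.113.9 - - [10/May/2026:10:02:11 +0000] "GET /search'
    '?created_at=%3Cb%3E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {hits}")
```

The same allowlist, applied server-side before the value is used and paired with HTML-encoding on output, is the corresponding input check for these four parameters.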

Affected Version(s)

uBidAuction 2.0.1

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Public PoC available
  • Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

Vulnerability-Lab [Research Team]