Reflected Cross-Site Scripting in uBidAuction by AppHP
CVE-2022-50968

5.1MEDIUM

Key Information:

Vendor

Ubidauction

Status
Ubidauction
Vendor
CVE Published:
10 May 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2022-50968?

uBidAuction version 2.0.1 is affected by a reflected cross-site scripting vulnerability in the auctions/manage module. This vulnerability arises from the improper sanitization of the parameters date_created, date_from, date_to, and created_at in the filter functionality. As a result, remote attackers can exploit this flaw by injecting malicious scripts through specially crafted GET requests, which then execute within the browsers of unwitting victims.

Affected Version(s)

uBidAuction 2.0.1

References

https://www.exploit-db.com/exploits/50693
exploit
https://www.vulnerability-lab.com/get_content.php?id=2289
exploit
https://www.apphp.com/codemarket/items/48/ubidauction-php...
product

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vulnerability-Lab [Research Team]
.