These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2022-50969 describes a reflected cross-site scripting issue in uBidAuction 2.0.1, specifically in the backend/mailingLog/manage module. According to the supplied description, the filter parameters date_created, date_from, date_to, and created_at are not properly sanitized, which can allow crafted GET requests to inject script content that executes in a victim’s browser. The provided NVD record lists t [truncated]
CVE-2022-50968 is a reflected cross-site scripting issue in uBidAuction 2.0.1. The supplied description says the auctions/manage module does not properly sanitize the date_created, date_from, date_to, and created_at filter parameters, allowing a remote attacker to inject script through a crafted GET request that executes in a victim's browser.
CVE-2022-50967 describes a reflected cross-site scripting issue in uBidAuction 2.0.1. The vulnerable behavior is in the tickets/manage module, where the date_created, date_from, date_to, and created_at filter parameters are not properly sanitized. As a result, a remote attacker can send a crafted GET request that causes attacker-controlled script to execute in a victim's browser. The supplied record rates [truncated]
CVE-2022-50966 describes a reflected cross-site scripting (XSS) issue in uBidAuction 2.0.1’s news/manage module. The filter parameters date_created, date_from, date_to, and created_at are reported as insufficiently sanitized, which can let a remote attacker inject script content that executes in a victim’s browser when a crafted GET request is handled. The supplied CVE record was published and modified on [truncated]
CVE-2022-50965 describes a reflected cross-site scripting issue in uBidAuction 2.0.1 affecting the posts/manage module. The reported filter parameters date_created, date_from, date_to, and created_at are not properly sanitized, which can let attacker-supplied script content be reflected into a victim’s browser through crafted GET requests. The supplied NVD record was published/modified on 2026-05-10 and m [truncated]
CVE-2022-50964 describes a reflected cross-site scripting issue in uBidAuction 2.0.1 affecting the auctions/myAuctions/status/loose module. The vulnerable filter parameters include date_created, date_from, date_to, and created_at, which are not properly sanitized and can be abused through crafted GET requests to run script in a victim's browser.
uBidAuction 2.0.1 is reported to have a reflected cross-site scripting issue in the auctions/myAuctions/status/active module. Crafted GET requests targeting filter parameters such as date_created, date_from, date_to, and created_at can cause attacker-supplied script to execute in a victim’s browser.
CVE-2022-50962 is a reflected cross-site scripting (XSS) issue reported for uBidAuction 2.0.1 in the orders/myOrders module. The vulnerability is tied to filter parameters including date_created, date_from, date_to, and created_at, which are described as insufficiently sanitized and able to carry attacker-controlled script content in crafted GET requests. Because the issue is reflected and browser-trigger [truncated]