CVE-2006-1397 - Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 a

CVE-2006-1397

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

References

Vulnerable Configurations

cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*
cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:phppgads:phppgads:2.0.7:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	17251
bugtraq	20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities
confirm	http://phpadsnew.com/two/nucleus/index.php?itemid=46 http://sourceforge.net/project/shownotes.php?release_id=404963 http://sourceforge.net/project/shownotes.php?release_id=404964
osvdb	24205 24206
sectrack	1015828 1015829
secunia	19384
sreason	633
vupen	ADV-2006-1107
xf	phpadsnew-login-banner-xss(25458)

Last major update

18-10-2018 - 16:32

Published

28-03-2006 - 11:06

Last modified

18-10-2018 - 16:32