Back to search
CVE-2006-1397
Published: Mar 28, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
phpadsnew-login-banner-xss(25458)
vdb-entry
x_refsource_XF
http://sourceforge.net/project/shownotes.php?release_id=404964
x_refsource_CONFIRM
19384
third-party-advisory
x_refsource_SECUNIA
24206
vdb-entry
x_refsource_OSVDB
633
third-party-advisory
x_refsource_SREASON
ADV-2006-1107
vdb-entry
x_refsource_VUPEN
17251
vdb-entry
x_refsource_BID
http://phpadsnew.com/two/nucleus/index.php?itemid=46
x_refsource_CONFIRM
20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities
mailing-list
x_refsource_BUGTRAQ
24205
vdb-entry
x_refsource_OSVDB
1015829
vdb-entry
x_refsource_SECTRACK
1015828
vdb-entry
x_refsource_SECTRACK
http://sourceforge.net/project/shownotes.php?release_id=404963
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now