QwikSec

Security Database

CVE

CWE

Training

CVE-2007-0477

Published: Jan 25, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_JVN

vdb-entry

x_refsource_OSVDB

20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed

mailing-list

x_refsource_BUGTRAQ

http://forum.openads.org/index.php?showtopic=503412651

x_refsource_MISC

20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed

mailing-list

x_refsource_BUGTRAQ

https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.