CVE-2006-1397

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25458

http://www.vupen.com/english/advisories/2006/1107

http://www.securityfocus.com/bid/17251

http://www.securityfocus.com/archive/1/428898/100/0/threaded

http://www.osvdb.org/24206

http://www.osvdb.org/24205

http://sourceforge.net/project/shownotes.php?release_id=404964

http://sourceforge.net/project/shownotes.php?release_id=404963

http://securitytracker.com/id?1015829

http://securitytracker.com/id?1015828

http://securityreason.com/securityalert/633

http://secunia.com/advisories/19384

http://phpadsnew.com/two/nucleus/index.php?itemid=46

Details

Source: Mitre, NVD

Published: 2006-03-28

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium