JVN#07274813 phpAdsNew cross-site scripting vulnerability

2007-01-22T00:00:00
ID JVN:07274813
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-05-21T00:00:00

Description

## Description

The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability.

All users of these products are encouraged to update to the latest versions provided by the developer.

  • phpPgAds 2.0.9-pr1 and earlier
  • Max Media Manager v0.1.29-rc and earlier
  • Max Media Manager v0.3.30-alpha and earlier

The updated versions of each product are listed below:

  • The updated version of phpAdsNew 2.0.9-pr1 is Openads 2.0.10.
  • The updated version of phpPgAds 2.0.9-pr1 is Openads for PostgreSQL 2.0.10.
  • The updated version of Max Media Manager v0.1.29-rc and v0.3.30-alpha is Openads 2.3.31.

## Impact

An arbitrary script may be executed on the the user's web browser if the user logged into phpAdsNew as the administrator. This may allow cookie information to be leaked or displayed contents to be falsified.

## Solution

## Products Affected

  • phpAdsNew 2.0.9-pr1 and earlier