CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
76.8%
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.
Vendor | Product | Version | CPE |
---|---|---|---|
phpadsnew | phpadsnew | 2.0 | cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:* |
phpadsnew | phpadsnew | 2.0.2 | cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:* |
phpadsnew | phpadsnew | 2.0.3 | cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:* |
phpadsnew | phpadsnew | 2.0.4 | cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:* |
phpadsnew | phpadsnew | 2.0.5 | cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:* |
phpadsnew | phpadsnew | 2.0.7 | cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:* |
phpadsnew | phpadsnew | 2_dev_2001-10-09 | cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:* |
phppgads | phppgads | 2.0.4 | cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:* |
phppgads | phppgads | 2.0.4_pr2 | cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:* |
phppgads | phppgads | 2.0.5 | cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:* |
phpadsnew.com/two/nucleus/index.php?itemid=46
secunia.com/advisories/19384
securityreason.com/securityalert/633
securitytracker.com/id?1015828
securitytracker.com/id?1015829
sourceforge.net/project/shownotes.php?release_id=404963
sourceforge.net/project/shownotes.php?release_id=404964
www.osvdb.org/24205
www.osvdb.org/24206
www.securityfocus.com/archive/1/428898/100/0/threaded
www.securityfocus.com/bid/17251
www.vupen.com/english/advisories/2006/1107
exchange.xforce.ibmcloud.com/vulnerabilities/25458