Lucene search

MitreCVE-2006-1397

HistoryMar 28, 2006 - 11:06 a.m.

CVE-2006-1397

2006-03-2811:06:00

mitre

web.nvd.nist.gov

cve-2006-1397

cross-site scripting

xss

phpadsnew

phppgads

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

Affected configurations

Nvd

Node

phpadsnewphpadsnewMatch2.0

phpadsnewphpadsnewMatch2.0.2

phpadsnewphpadsnewMatch2.0.3

phpadsnewphpadsnewMatch2.0.4

phpadsnewphpadsnewMatch2.0.5

phpadsnewphpadsnewMatch2.0.7

phpadsnewphpadsnewMatch2_dev_2001-10-09

phppgadsphppgadsMatch2.0.4

phppgadsphppgadsMatch2.0.4_pr2

phppgadsphppgadsMatch2.0.5

phppgadsphppgadsMatch2.0.7

VendorProductVersionCPE
phpadsnewphpadsnew2.0cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.2cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.3cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.4cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.5cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.7cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:*
phpadsnewphpadsnew2_dev_2001-10-09cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*
phppgadsphppgads2.0.4cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*
phppgadsphppgads2.0.4_pr2cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:*
phppgadsphppgads2.0.5cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpadsnew	phpadsnew	2.0	cpe:2.3:a:phpadsnew:phpadsnew:2.0:::::::*
phpadsnew	phpadsnew	2.0.2	cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:::::::*
phpadsnew	phpadsnew	2.0.3	cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:::::::*
phpadsnew	phpadsnew	2.0.4	cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:::::::*
phpadsnew	phpadsnew	2.0.5	cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:::::::*
phpadsnew	phpadsnew	2.0.7	cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:::::::*
phpadsnew	phpadsnew	2_dev_2001-10-09	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:::::::*
phppgads	phppgads	2.0.4	cpe:2.3:a:phppgads:phppgads:2.0.4:::::::*
phppgads	phppgads	2.0.4_pr2	cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:::::::*
phppgads	phppgads	2.0.5	cpe:2.3:a:phppgads:phppgads:2.0.5:::::::*

Rows per page:

1-10 of 111

References

phpadsnew.com/two/nucleus/index.php?itemid=46

secunia.com/advisories/19384

securityreason.com/securityalert/633

securitytracker.com/id?1015828

securitytracker.com/id?1015829

sourceforge.net/project/shownotes.php?release_id=404963

sourceforge.net/project/shownotes.php?release_id=404964

www.osvdb.org/24205

www.osvdb.org/24206

www.securityfocus.com/archive/1/428898/100/0/threaded

www.securityfocus.com/bid/17251

www.vupen.com/english/advisories/2006/1107

exchange.xforce.ibmcloud.com/vulnerabilities/25458

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Related for CVE-2006-1397