FKIE_CVE-2006-1397

Vulnerability from fkie_nvd - Published: 2006-03-28 11:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.
References
cve@mitre.orghttp://phpadsnew.com/two/nucleus/index.php?itemid=46
cve@mitre.orghttp://secunia.com/advisories/19384Patch, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/633
cve@mitre.orghttp://securitytracker.com/id?1015828Patch
cve@mitre.orghttp://securitytracker.com/id?1015829Patch
cve@mitre.orghttp://sourceforge.net/project/shownotes.php?release_id=404963Patch
cve@mitre.orghttp://sourceforge.net/project/shownotes.php?release_id=404964Patch
cve@mitre.orghttp://www.osvdb.org/24205
cve@mitre.orghttp://www.osvdb.org/24206
cve@mitre.orghttp://www.securityfocus.com/archive/1/428898/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/17251Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1107
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/25458
af854a3a-2127-422b-91ae-364da2661108http://phpadsnew.com/two/nucleus/index.php?itemid=46
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19384Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/633
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015828Patch
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015829Patch
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/project/shownotes.php?release_id=404963Patch
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/project/shownotes.php?release_id=404964Patch
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24205
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24206
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/428898/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17251Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1107
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/25458
Impacted products
Vendor Product Version
phpadsnew phpadsnew 2.0
phpadsnew phpadsnew 2.0.2
phpadsnew phpadsnew 2.0.3
phpadsnew phpadsnew 2.0.4
phpadsnew phpadsnew 2.0.5
phpadsnew phpadsnew 2.0.7
phpadsnew phpadsnew 2_dev_2001-10-09
phppgads phppgads 2.0.4
phppgads phppgads 2.0.4_pr2
phppgads phppgads 2.0.5
phppgads phppgads 2.0.7
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0845A199-2B04-474D-8F03-A4A646A018A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "906D4516-6D64-47AA-ADAE-AC96D071C07C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0456A2-AAA5-463B-BE1F-90032EF745CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE5BAA40-7585-4877-B227-ED0C4EF78A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CE9A50-87BA-4BEC-9076-9E0C24B2E972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F9A8ABA-941E-474B-A1AF-329678D424E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B27D5E0-0A62-407E-9597-F9B6E79BE929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "308814A1-A5D5-4DB6-81B9-18EE0B92D6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6EA06C-E45D-4D6D-84B2-7DB37A8A85C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D30F73-4815-41BE-994E-8B399AB75593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phppgads:phppgads:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFC4EC37-7D4E-48A2-8325-C16A06CF094D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."
    }
  ],
  "id": "CVE-2006-1397",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-28T11:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19384"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/633"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015828"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015829"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24205"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17251"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1107"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.