CVE-2006-1397 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpadsnew	Phpadsnew
Phppgads	Phppgads

Configuration 1 [-]

OR	cpe:2.3:a:phpadsnew:phpadsnew:2.0:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.4:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.5:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.7:::::::*

No data.

References

Link	Providers
http://phpadsnew.com/two/nucleus/index.php?itemid=46
http://secunia.com/advisories/19384
http://securityreason.com/securityalert/633
http://securitytracker.com/id?1015828
http://securitytracker.com/id?1015829
http://sourceforge.net/project/shownotes.php?release_id=404963
http://sourceforge.net/project/shownotes.php?release_id=404964
http://www.osvdb.org/24205
http://www.osvdb.org/24206
http://www.securityfocus.com/archive/1/428898/100/0/threaded
http://www.securityfocus.com/bid/17251
http://www.vupen.com/english/advisories/2006/1107
https://exchange.xforce.ibmcloud.com/vulnerabilities/25458

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-28T11:00:00

Updated: 2024-08-07T17:12:21.235Z

Reserved: 2006-03-28T00:00:00

Link: CVE-2006-1397

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-28T11:06:00.000

Modified: 2018-10-18T16:32:28.527

Link: CVE-2006-1397

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "phpadsnew-login-banner-xss(25458)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"}, {"name": "19384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19384"}, {"name": "24206", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24206"}, {"name": "633", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/633"}, {"name": "ADV-2006-1107", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1107"}, {"name": "17251", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17251"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"}, {"name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"}, {"name": "24205", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24205"}, {"name": "1015829", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015829"}, {"name": "1015828", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015828"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "phpadsnew-login-banner-xss(25458)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=404964", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"}, {"name": "19384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19384"}, {"name": "24206", "refsource": "OSVDB", "url": "http://www.osvdb.org/24206"}, {"name": "633", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/633"}, {"name": "ADV-2006-1107", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1107"}, {"name": "17251", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17251"}, {"name": "http://phpadsnew.com/two/nucleus/index.php?itemid=46", "refsource": "CONFIRM", "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"}, {"name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"}, {"name": "24205", "refsource": "OSVDB", "url": "http://www.osvdb.org/24205"}, {"name": "1015829", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015829"}, {"name": "1015828", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015828"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=404963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:21.235Z"}, "title": "CVE Program Container", "references": [{"name": "phpadsnew-login-banner-xss(25458)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"}, {"name": "19384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19384"}, {"name": "24206", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24206"}, {"name": "633", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/633"}, {"name": "ADV-2006-1107", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1107"}, {"name": "17251", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17251"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"}, {"name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"}, {"name": "24205", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24205"}, {"name": "1015829", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015829"}, {"name": "1015828", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015828"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1397", "datePublished": "2006-03-28T11:00:00", "dateReserved": "2006-03-28T00:00:00", "dateUpdated": "2024-08-07T17:12:21.235Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0845A199-2B04-474D-8F03-A4A646A018A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "906D4516-6D64-47AA-ADAE-AC96D071C07C", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E0456A2-AAA5-463B-BE1F-90032EF745CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE5BAA40-7585-4877-B227-ED0C4EF78A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "52CE9A50-87BA-4BEC-9076-9E0C24B2E972", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3F9A8ABA-941E-474B-A1AF-329678D424E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*", "matchCriteriaId": "0B27D5E0-0A62-407E-9597-F9B6E79BE929", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "308814A1-A5D5-4DB6-81B9-18EE0B92D6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "0E6EA06C-E45D-4D6D-84B2-7DB37A8A85C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "91D30F73-4815-41BE-994E-8B399AB75593", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EFC4EC37-7D4E-48A2-8325-C16A06CF094D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."}], "id": "CVE-2006-1397", "lastModified": "2018-10-18T16:32:28.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-28T11:06:00.000", "references": [{"source": "cve@mitre.org", "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19384"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/633"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015828"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015829"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24205"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24206"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17251"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1107"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}