CVE-2006-1397 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Phpadsnew	Phpadsnew
Phppgads	Phppgads

Configuration 1 [-]

OR	cpe:2.3:a:phpadsnew:phpadsnew:2.0:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.4:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.5:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.7:::::::*

References

Link	Resource
http://phpadsnew.com/two/nucleus/index.php?itemid=46
http://secunia.com/advisories/19384	Patch Vendor Advisory
http://securityreason.com/securityalert/633
http://securitytracker.com/id?1015828	Patch
http://securitytracker.com/id?1015829	Patch
http://sourceforge.net/project/shownotes.php?release_id=404963	Patch
http://sourceforge.net/project/shownotes.php?release_id=404964	Patch
http://www.osvdb.org/24205
http://www.osvdb.org/24206
http://www.securityfocus.com/archive/1/428898/100/0/threaded
http://www.securityfocus.com/bid/17251	Patch
http://www.vupen.com/english/advisories/2006/1107
https://exchange.xforce.ibmcloud.com/vulnerabilities/25458

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-28T11:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-03-28T00:00:00

Link: CVE-2006-1397

JSON object: View

NVD Information

Status : Modified

Published: 2006-03-28T11:06:00.000

Modified: 2018-10-18T16:32:28.527

Link: CVE-2006-1397

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "phpadsnew-login-banner-xss(25458)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"}, {"name": "19384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19384"}, {"name": "24206", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24206"}, {"name": "633", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/633"}, {"name": "ADV-2006-1107", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1107"}, {"name": "17251", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17251"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"}, {"name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"}, {"name": "24205", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24205"}, {"name": "1015829", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015829"}, {"name": "1015828", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015828"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "phpadsnew-login-banner-xss(25458)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=404964", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"}, {"name": "19384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19384"}, {"name": "24206", "refsource": "OSVDB", "url": "http://www.osvdb.org/24206"}, {"name": "633", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/633"}, {"name": "ADV-2006-1107", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1107"}, {"name": "17251", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17251"}, {"name": "http://phpadsnew.com/two/nucleus/index.php?itemid=46", "refsource": "CONFIRM", "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"}, {"name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"}, {"name": "24205", "refsource": "OSVDB", "url": "http://www.osvdb.org/24205"}, {"name": "1015829", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015829"}, {"name": "1015828", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015828"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=404963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1397", "datePublished": "2006-03-28T11:00:00", "dateReserved": "2006-03-28T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0845A199-2B04-474D-8F03-A4A646A018A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "906D4516-6D64-47AA-ADAE-AC96D071C07C", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E0456A2-AAA5-463B-BE1F-90032EF745CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE5BAA40-7585-4877-B227-ED0C4EF78A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "52CE9A50-87BA-4BEC-9076-9E0C24B2E972", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3F9A8ABA-941E-474B-A1AF-329678D424E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*", "matchCriteriaId": "0B27D5E0-0A62-407E-9597-F9B6E79BE929", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "308814A1-A5D5-4DB6-81B9-18EE0B92D6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "0E6EA06C-E45D-4D6D-84B2-7DB37A8A85C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "91D30F73-4815-41BE-994E-8B399AB75593", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EFC4EC37-7D4E-48A2-8325-C16A06CF094D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."}], "id": "CVE-2006-1397", "lastModified": "2018-10-18T16:32:28.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-28T11:06:00.000", "references": [{"source": "cve@mitre.org", "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19384"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/633"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015828"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015829"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24205"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24206"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17251"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1107"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}