4.3

CVE-2006-1397

EPSS 0.91%
Veröffentlicht 28.03.2006 11:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpadsnew ≫ Phpadsnew Version2.0

Phpadsnew ≫ Phpadsnew Version2.0.2

Phpadsnew ≫ Phpadsnew Version2.0.3

Phpadsnew ≫ Phpadsnew Version2.0.4

Phpadsnew ≫ Phpadsnew Version2.0.5

Phpadsnew ≫ Phpadsnew Version2.0.7

Phpadsnew ≫ Phpadsnew Version2_dev_2001-10-09

Phppgads ≫ Phppgads Version2.0.4

Phppgads ≫ Phppgads Version2.0.4_pr2

Phppgads ≫ Phppgads Version2.0.5

Phppgads ≫ Phppgads Version2.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://phpadsnew.com/two/nucleus/index.php?itemid=46

http://secunia.com/advisories/19384

Patch

Vendor Advisory

http://securityreason.com/securityalert/633

http://securitytracker.com/id?1015828

Patch

http://securitytracker.com/id?1015829

Patch

http://sourceforge.net/project/shownotes.php?release_id=404963

Patch

http://sourceforge.net/project/shownotes.php?release_id=404964

Patch

http://www.osvdb.org/24205

http://www.osvdb.org/24206

http://www.securityfocus.com/archive/1/428898/100/0/threaded

http://www.securityfocus.com/bid/17251

Patch

http://www.vupen.com/english/advisories/2006/1107

https://exchange.xforce.ibmcloud.com/vulnerabilities/25458

https://nvd.nist.gov/vuln/detail/CVE-2006-1397

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1397

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1397

EUVD