Tag: Security, Security / Home

Security

NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Home » Security

  • phpAdsNew and phpPgAds2.0.8-pr1 fix XSS vulnerability

    0 answers - 1018 bytes - related search similar search Add To My Delicious Add To My Stumble Upon Add To My Google Mark Add To My Facebook Add To My Digg Add To My Reddit


    phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-002
    Advisory ID: PHPADSNEW-SA-2006-002
    Date:
    Security risk: medium risk
    Applications affected: phpAdsNew, phpPgAds
    Applications not affected: Max Media Manager v0.1.x - v0.3.x
    Versions affected: <= 2.0.8
    Versions not affected: >= 2.0.8-pr1
    Vulnerability: HTML injection / Cross-site scripting
    Description
    Some scripts inside the admin interface were displaying parameters
    collected by the delivery scripts without proper sanitizing or escaping.
    The delivery scripts have public access, while the admin interface is
    restricted to logged in users. An attacker could inject HTML/XSS code
    which could be displayed/executed in a later time inside the admin
    interface.
    Solutions
    - Upgrade to phpAdsNew or phpPgAds 2.0.8-pr1.
    Contact informations
    The security contact for phpAdsNew and phpPgAds can be reached at:
    <security AT phpadsnew DT com>
    Best regards

Re: phpAdsNew and phpPgAds2.0.8-pr1 fix XSS vulnerability


max 4000 letters.
Your nickname that display:
In order to stop the spam: 1 + 0 =
QUESTION ON "Security"

EMSDN.COM