Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

phpPGAds/phpAdNew < 2.0.5 adframe.php refresh Parameter XSS

Medium

Synopsis

There is a flaw in the remote phpAdNew/phpPgAds PHP Ads server, a banner management and tracking system written in PHP.

Description

There is a flaw in the remote phpAdNew/phpPgAds PHP Ads server, a banner management and tracking system written in PHP. This version of phpAdNew is vulnerable to a Cross-Site Scripting (XSS) vulnerability. An attacker exploiting this flaw would be able steal potentially confidential information (such as cookies) or execute malicious code within the client browser.

Solution

Upgrade to version 2.0.5 or higher.