Unrated severityNVD Advisory· Published Mar 28, 2006· Updated Apr 16, 2026

CVE-2006-1397

Description

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

Affected products

Phpadsnew/Phpadsnew7 versions
cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:phpadsnew:phpadsnew:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*
Phppgads/Phppgads4 versions
cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:phppgads:phppgads:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:phppgads:phppgads:2.0.4_pr2:*:*:*:*:*:*:*
- cpe:2.3:a:phppgads:phppgads:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phppgads:phppgads:2.0.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19384nvdPatchVendor Advisory
securitytracker.com/idnvdPatch
securitytracker.com/idnvdPatch
sourceforge.net/project/shownotes.phpnvdPatch
sourceforge.net/project/shownotes.phpnvdPatch
www.securityfocus.com/bid/17251nvdPatch
phpadsnew.com/two/nucleus/index.phpnvd
securityreason.com/securityalert/633nvd
www.osvdb.org/24205nvd
www.osvdb.org/24206nvd
www.securityfocus.com/archive/1/428898/100/0/threadednvd
www.vupen.com/english/advisories/2006/1107nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25458nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000