vendor:
Ad Peeps Ad Rotator
by:
Matt and all of InterN0T
N/A
CVSS
MEDIUM
XSS and HTML Injection
79
CWE
Product Name: Ad Peeps Ad Rotator
Affected Version From: 8.5d1
Affected Version To: 8.5d1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2009
AdPeeps Ad Rotator – XSS and HTML Injection Vulnerabilities
AdPeeps Ad Rotator version 8.5d1 (3-18-09) is vulnerable to XSS and HTML injection attacks. The vulnerabilities can be exploited through various parameters including uid, campainid, type, period, loginpass, accname, e9, from, subject, and idno. These vulnerabilities allow an attacker to execute arbitrary JavaScript code on the affected website. The default login credentials for the admin panel are admin/admin.
Mitigation:
To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques. Additionally, it is advised to update to the latest version of AdPeeps Ad Rotator.