header-logo
Suggest Exploit
vendor:
phpAdsNew, OpenAds, OpenX
by:
Not available
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: phpAdsNew, OpenAds, OpenX
Affected Version From: Not available
Affected Version To: Not available
Patch Exists: NO
Related CWE: Not available
CPE: Not available
Metasploit:
Other Scripts:
Platforms Tested: Not available
2010

Cross-Site Scripting Vulnerability in Multiple Products

The applications fail to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can be used to steal authentication credentials and launch further attacks.

Mitigation:

Developers should properly sanitize user-supplied input to prevent XSS vulnerabilities. Input validation and output encoding can be used to mitigate the risk.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38732/info

Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The following products are affected:

phpAdsNew
OpenAds
OpenX 

http://www.example.com/path/banner.swf?clickTAG=javascript:alert('XSS')