Openads for PostgreSQL Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	22124
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 18 2007 12:00AM
Updated:	Jan 19 2007 04:49AM
Credit:	The vendor reported this issue.
Vulnerable:	Openads phpPgAds 2.0.9-pr1 Openads phpPgAds 2.0.8-pr1
Not Vulnerable:	Openads Openads for PostgreSQL 2.0.10

Openads for PostgreSQL Unspecified Cross-Site Scripting Vulnerability

Openads for PostgreSQL is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Openads for PostgreSQL prior to version 2.0.10.

Openads for PostgreSQL Unspecified Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Openads for PostgreSQL Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

Openads for PostgreSQL Unspecified Cross-Site Scripting Vulnerability

References:

• Openads for PostgreSQL 2.0.10 Release Notes (Openads)
  
• Openads for PostgreSQL Homepage (Openads)