- Description
- Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openads:openads:2.0.8_pr1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "832EB310-37D9-45E4-B39D-AC66A9B364CE"
},
{
"criteria": "cpe:2.3:a:openads:openads:2.0.8_pr1:*:postgresql:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A738F4E4-3778-47EF-948A-E85B8A59DE6D"
},
{
"criteria": "cpe:2.3:a:openads:openads:2.0.9_pr1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A31E718-D8AA-4FB7-9FF4-66D3E11FD65A"
},
{
"criteria": "cpe:2.3:a:openads:openads:2.0.9_pr1:*:postgresql:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F133EFD-2CA0-4810-8806-F78020997F58"
}
],
"operator": "OR"
}
]
}
]