Matteo Beccati

**Name of the Vulnerable Software and Affected Versions** phpAdsNew versions prior to 2.0.8-pr1 phpPgAds versions prior to 2.0.8-pr1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This is related to injected data that is stored by a delivery script and displayed by the admin interface. **Recommendations** For phpAdsNew versions prior to 2.0.8-pr1, update to version 2.0.8-pr1 or later. For phpPgAds versions prior to 2.0.8-pr1, update to version 2.0.8-pr1 or later.

**Name of the Vulnerable Software and Affected Versions** phpAdsNew (affected versions not specified) phpPgAds versions prior to 2.0.8 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or via certain parameters to the login form. **Recommendations** For phpAdsNew, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For phpPgAds versions prior to 2.0.8, update to version 2.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the banner delivery module and the login form to minimize the risk of exploitation. Avoid using vulnerable parameters in these modules until the issue is resolved.