PT-2005-1820 · Phpadsnew · Phpadsnew

Cxib8O3 +1 · Published 2005-03-14 · Updated 2017-07-11 · CVE-2005-0791

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

phpAdsNew version 2.0.4-pr1

Description

The issue is a cross-site scripting (XSS) vulnerability: an attacker can inject arbitrary web script or HTML into a website, potentially allowing them to steal user data or take control of the user's session. The vulnerability is in the adframe.php file, and the refresh parameter is the point of entry. It can be exploited when the register_globals setting is enabled.

Recommendations

For phpAdsNew version 2.0.4-pr1, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the adframe.php file and avoid using the refresh parameter until a fix is available.


Related identifiers

CVE-2005-0791

Affected products

Phpadsnew