CVE-2007-0477

Name of the Vulnerable Software and Affected Versions Openads versions 2.0.x through 2.0.9 Openads version 2.3 through 2.3.30 phpAdsNew/phpPgAds versions prior to 2.0.9-pr1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in "admin-search.php" and "affiliate-search.php".

Recommendations For Openads versions 2.0.x through 2.0.9, update to version 2.0.10 or later. For Openads version 2.3 through 2.3.30, update to version 2.3.31 or later. For phpAdsNew/phpPgAds versions prior to 2.0.9-pr1, update to version 2.0.9-pr1 or later. As a temporary workaround, consider restricting access to the admin-search.php and affiliate-search.php endpoints until a patch is available. Avoid using the keyword parameter in the affected API endpoints until the issue is resolved.