CVE-2013-1636

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
caseproofprettylinks
𝑥
≤ 1.6.2
caseproofprettylinks
1.6.0
caseproofprettylinks
1.6.1
joobicom_jnews
8.0.1
civicrmcivicrm
3.1.0
civicrmcivicrm
3.1.1
civicrmcivicrm
3.1.2
civicrmcivicrm
3.1.3
civicrmcivicrm
3.1.4
civicrmcivicrm
3.1.5
civicrmcivicrm
3.1.6
civicrmcivicrm
3.2.0
civicrmcivicrm
3.2.1
civicrmcivicrm
3.2.2
civicrmcivicrm
3.2.3
civicrmcivicrm
3.2.4
civicrmcivicrm
3.2.5
civicrmcivicrm
3.3.0
civicrmcivicrm
3.3.1
civicrmcivicrm
3.3.2
civicrmcivicrm
3.3.3
civicrmcivicrm
3.3.5
civicrmcivicrm
3.3.6
civicrmcivicrm
3.4.0
civicrmcivicrm
4.0.5
civicrmcivicrm
4.1.0
civicrmcivicrm
4.1.1
civicrmcivicrm
4.1.2
civicrmcivicrm
4.1.3
civicrmcivicrm
4.1.4
civicrmcivicrm
4.1.5
civicrmcivicrm
4.1.6
civicrmcivicrm
4.2.0
civicrmcivicrm
4.2.1
civicrmcivicrm
4.2.2
civicrmcivicrm
4.2.4
civicrmcivicrm
4.2.5
civicrmcivicrm
4.2.6
civicrmcivicrm
4.2.7
civicrmcivicrm
4.2.8
civicrmcivicrm
4.2.9
civicrmcivicrm
4.3.0
civicrmcivicrm
4.3.1
civicrmcivicrm
4.3.2
civicrmcivicrm
4.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html
http://osvdb.org/90435
http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html
http://wordpress.org/plugins/pretty-link/changelog
https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss
https://exchange.xforce.ibmcloud.com/vulnerabilities/82242
http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html
http://osvdb.org/90435
http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html
http://wordpress.org/plugins/pretty-link/changelog
https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss
https://exchange.xforce.ibmcloud.com/vulnerabilities/82242