CVE-2013-3515

EUVD-2013-3450
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
openxopenx
𝑥
≤ 2.8.10
openxopenx
2.4
openxopenx
2.4.4
openxopenx
2.4.5
openxopenx
2.4.6
openxopenx
2.4.7
openxopenx
2.4.8
openxopenx
2.4.9
openxopenx
2.4.10
openxopenx
2.4.11
openxopenx
2.6.0
openxopenx
2.6.1
openxopenx
2.6.2
openxopenx
2.6.3
openxopenx
2.6.4
openxopenx
2.6.5
openxopenx
2.7.29
openxopenx
2.8
openxopenx
2.8.1
openxopenx
2.8.2
openxopenx
2.8.3
openxopenx
2.8.4
openxopenx
2.8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/94774
http://osvdb.org/94775
http://seclists.org/bugtraq/2013/Jul/27
http://www.exploit-db.com/exploits/26624
https://exchange.xforce.ibmcloud.com/vulnerabilities/85411
https://svn.openx.org/openx/trunk/www/admin/plugin-index.php
https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php
https://www.htbridge.com/advisory/HTB23155
https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff
http://osvdb.org/94774
http://osvdb.org/94775
http://seclists.org/bugtraq/2013/Jul/27
http://www.exploit-db.com/exploits/26624
https://exchange.xforce.ibmcloud.com/vulnerabilities/85411
https://svn.openx.org/openx/trunk/www/admin/plugin-index.php
https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php
https://www.htbridge.com/advisory/HTB23155
https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff