CVE-2013-3515

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
openxopenx
𝑥
≤ 2.8.10
openxopenx
2.4
openxopenx
2.4.4
openxopenx
2.4.5
openxopenx
2.4.6
openxopenx
2.4.7
openxopenx
2.4.8
openxopenx
2.4.9
openxopenx
2.4.10
openxopenx
2.4.11
openxopenx
2.6.0
openxopenx
2.6.1
openxopenx
2.6.2
openxopenx
2.6.3
openxopenx
2.6.4
openxopenx
2.6.5
openxopenx
2.7.29
openxopenx
2.8
openxopenx
2.8.1
openxopenx
2.8.2
openxopenx
2.8.3
openxopenx
2.8.4
openxopenx
2.8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/94774
http://osvdb.org/94775
http://seclists.org/bugtraq/2013/Jul/27
http://www.exploit-db.com/exploits/26624
https://exchange.xforce.ibmcloud.com/vulnerabilities/85411
https://svn.openx.org/openx/trunk/www/admin/plugin-index.php
https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php
https://www.htbridge.com/advisory/HTB23155
https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff
http://osvdb.org/94774
http://osvdb.org/94775
http://seclists.org/bugtraq/2013/Jul/27
http://www.exploit-db.com/exploits/26624
https://exchange.xforce.ibmcloud.com/vulnerabilities/85411
https://svn.openx.org/openx/trunk/www/admin/plugin-index.php
https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php
https://www.htbridge.com/advisory/HTB23155
https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff