Published: 12/03/2014 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin prior to 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 up to and including 4.2.9 and 4.3.0 up to and including 4.3.3, allows remote malicious users to inject arbitrary web script or HTML via the get-data parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
blair williams pretty link lite 1.6.0
blair williams pretty link lite 1.6.1
blair williams pretty link lite
joobi com jnews 8.0.1
civicrm civicrm 4.3.1
civicrm civicrm 3.1.1
civicrm civicrm 3.1.2
civicrm civicrm 3.2.2
civicrm civicrm 3.2.3
civicrm civicrm 3.3.6
civicrm civicrm 3.4.0
civicrm civicrm 4.1.5
civicrm civicrm 4.1.6
civicrm civicrm 4.2.7
civicrm civicrm 4.2.8
civicrm civicrm 4.3.3
civicrm civicrm 3.1.0
civicrm civicrm 3.2.0
civicrm civicrm 3.2.1
civicrm civicrm 3.3.3
civicrm civicrm 3.3.5
civicrm civicrm 4.1.3
civicrm civicrm 4.1.4
civicrm civicrm 4.2.5
civicrm civicrm 4.2.6
civicrm civicrm 4.3.2
civicrm civicrm 3.1.5
civicrm civicrm 3.1.6
civicrm civicrm 3.3.0
civicrm civicrm 3.3.1
civicrm civicrm 3.3.2
civicrm civicrm 4.1.1
civicrm civicrm 4.1.2
civicrm civicrm 4.2.2
civicrm civicrm 4.2.4
civicrm civicrm 4.3.0
civicrm civicrm 3.1.3
civicrm civicrm 3.1.4
civicrm civicrm 3.2.4
civicrm civicrm 3.2.5
civicrm civicrm 4.0.5
civicrm civicrm 4.1.0
civicrm civicrm 4.2.0
civicrm civicrm 4.2.1
civicrm civicrm 4.2.9

Debian Bug report logs - #742859 XSS vulnerability in open-flash-chartswf (CVE-2013-1636) Package: biomaj-watcher; Maintainer for biomaj-watcher is Debian Med Packaging Team <debian-med-packaging@listsaliothdebianorg>; Source for biomaj-watcher is src:biomaj-watcher (PTS, buildd, popcon) Reported by: Thijs Kinkhorst < ...

source: wwwsecurityfocuscom/bid/58072/info The Pretty Link plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This c ...

WordPress Pretty Link plugin version 163 suffers from a cross site scripting vulnerability ...

dotDefender Firewall versions 50012865 and 513-13282 suffer from a cross site scripting vulnerability ...

CWE-79 http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html http://osvdb.org/90435 http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html http://wordpress.org/plugins/pretty-link/changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/82242 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742859 https://nvd.nist.gov https://www.exploit-db.com/exploits/38324/

CVE-2013-1636

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect