
CVE-2013-1636

Published: 12/03/2014 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin prior to 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

Affected Products

Vendor | Product | Versions
Blair Williams | Pretty Link Lite | 1.6.0, 1.6.1, 1.6.2
Civicrm | Civicrm | 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.5, 3.3.6, 3.4.0, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.2, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.3.0, 4.3.1, 4.3.2, 4.3.3
Joobi | Com Jnews | 8.0.1

Vendor Advisories

Debian Bug report logs - #742859: XSS vulnerability in open-flash-chart.swf (CVE-2013-1636). Package: biomaj-watcher; Maintainer for biomaj-watcher is Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>; Source for biomaj-watcher is src:biomaj-watcher (PTS, buildd, popcon). Reported by: Thijs Kinkhorst < ...

Exploits

source: www.securityfocus.com/bid/58072/info. The Pretty Link plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This c ...

Mailing Lists

dotDefender Firewall versions 50012865 and 513-13282 suffer from a cross site scripting vulnerability ...
WordPress Pretty Link plugin version 1.6.3 suffers from a cross site scripting vulnerability ...