Published: 29/07/2013 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openx openx
openx openx 2.8
openx openx 2.4.9
openx openx 2.4.8
openx openx 2.6.4
openx openx 2.7.29
openx openx 2.6.3
openx openx 2.4.4
openx openx 2.6.1
openx openx 2.6.2
openx openx 2.8.2
openx openx 2.8.3
openx openx 2.8.1
openx openx 2.4
openx openx 2.4.11
openx openx 2.4.10
openx openx 2.8.4
openx openx 2.8.5
openx openx 2.4.5
openx openx 2.4.6
openx openx 2.4.7
openx openx 2.6.0
openx openx 2.6.5

Advisory ID: HTB23155 Product: OpenX Vendor: OpenX Vulnerable Version(s): 2810 and probably prior Tested Version: 2810 Vendor Notification: May 8, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: PHP File Inclusion [CWE-98], Cross-Site Scripting [CWE-79] CVE References: CVE-2013-3514, CVE-2013-3515 Risk Le ...

OpenX version 2810 suffers from cross site scripting and local file inclusion vulnerabilities ...

CWE-79 http://www.exploit-db.com/exploits/26624 http://seclists.org/bugtraq/2013/Jul/27 http://osvdb.org/94774 https://www.htbridge.com/advisory/HTB23155 https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff https://svn.openx.org/openx/trunk/www/admin/plugin-index.php https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php http://osvdb.org/94775 https://exchange.xforce.ibmcloud.com/vulnerabilities/85411 https://nvd.nist.gov https://www.exploit-db.com/exploits/26624/

CVE-2013-3515

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect