CVE-2013-3515

Openx < 2.8.10 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.

Exploits (1)

exploitdb WORKING POC

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/26624

View Code ZIP pw:eip

References (9)

[Exploit] http://seclists.org/bugtraq/2013/Jul/27

[Exploit] http://www.exploit-db.com/exploits/26624

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/85411

[Patch] https://svn.openx.org/openx/trunk/www/admin/plugin-index.php

[Patch] https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php

[Exploit] https://www.htbridge.com/advisory/HTB23155

[Vendor Advisory] https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff

[Third Party Advisory, VDB Entry] http://osvdb.org/94774

[Third Party Advisory, VDB Entry] http://osvdb.org/94775

Scores

EPSS 0.0601

EPSS Percentile 90.5%

Classification

CWE

CWE-79

Status draft

Affected Products (23)

openx/openx < 2.8.10

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

openx/openx

... and 8 more

Timeline

Published Jul 29, 2013

Tracked Since Feb 18, 2026