Description
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
Exploits (1)
exploitdb
WORKING POC
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/26624
References (9)
Core References
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff
Patch x_refsource_misc
https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php
Patch x_refsource_misc
https://svn.openx.org/openx/trunk/www/admin/plugin-index.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85411
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/94774
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2013/Jul/27
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23155
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/26624
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/94775
Scores
EPSS
0.0601
EPSS Percentile
90.7%
Details
CWE
CWE-79
Status
published
Products (23)
openx/openx
2.4
openx/openx
2.4.4
openx/openx
2.4.5
openx/openx
2.4.6
openx/openx
2.4.7
openx/openx
2.4.8
openx/openx
2.4.9
openx/openx
2.4.10
openx/openx
2.4.11
openx/openx
2.6.0
... and 13 more
Published
Jul 29, 2013
Tracked Since
Feb 18, 2026