CVE-2013-3639
Xaraya < 2.4.0 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge · textwebappsphp
https://www.exploit-db.com/exploits/38596
References (5)
Scores
EPSS
0.0626
EPSS Percentile
90.8%
Details
CWE
CWE-79
Status
published
Products (2)
xaraya/xaraya
< 2.4.0
n/a/n/a
Published
Feb 05, 2014
Tracked Since
Feb 18, 2026