Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2013-1636
Last Modified 14 Mar 2014 02:39:12
Published 12 Mar 2014 10:55:26
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1636

Summary

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

Vulnerable Systems

Application

  • Blair Williams Pretty Link Lite 1.6.0

  • Blair Williams Pretty Link Lite 1.6.1

  • Blair Williams Pretty Link Lite 1.6.2

  • Civicrm 3.1.0

  • Civicrm 3.1.1

  • Civicrm 3.1.2

  • Civicrm 3.1.3

  • Civicrm 3.1.4

  • Civicrm 3.1.5

  • Civicrm 3.1.6

  • Civicrm 3.2.0

  • Civicrm 3.2.1

  • Civicrm 3.2.2

  • Civicrm 3.2.3

  • Civicrm 3.2.4

  • Civicrm 3.2.5

  • Civicrm 3.3.0

  • Civicrm 3.3.1

  • Civicrm 3.3.2

  • Civicrm 3.3.3

  • Civicrm 3.3.5

  • Civicrm 3.3.6

  • Civicrm 3.4.0

  • Civicrm 4.0.5

  • Civicrm 4.1.0

  • Civicrm 4.1.1

  • Civicrm 4.1.2

  • Civicrm 4.1.3

  • Civicrm 4.1.4

  • Civicrm 4.1.5

  • Civicrm 4.1.6

  • Civicrm 4.2.0

  • Civicrm 4.2.1

  • Civicrm 4.2.2

  • Civicrm 4.2.4

  • Civicrm 4.2.5

  • Civicrm 4.2.6

  • Civicrm 4.2.7

  • Civicrm 4.2.8

  • Civicrm 4.2.9

  • Civicrm 4.3.0

  • Civicrm 4.3.1

  • Civicrm 4.3.2

  • Civicrm 4.3.3

  • Joobi Com Jnews 8.0.1


References

CONFIRM - https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss

XF - prettylinklite-openflashchart-xss(82242)

MISC - http://wordpress.org/plugins/pretty-link/changelog

MISC - http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html

MISC - http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html

OSVDB - 90435

BUGTRAQ - 20130220 [CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF


Last Updated: 27 May 2016 11:04:38