fkie_nvd - fkie_cve-2013-1636

fkie_cve-2013-1636

Vulnerability from fkie_nvd

Published

2014-03-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html	Exploit, Patch
cve@mitre.org	http://osvdb.org/90435
cve@mitre.org	http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html
cve@mitre.org	http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html
cve@mitre.org	http://wordpress.org/plugins/pretty-link/changelog
cve@mitre.org	https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/82242
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/90435
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108	http://wordpress.org/plugins/pretty-link/changelog
af854a3a-2127-422b-91ae-364da2661108	https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/82242

Impacted products

Vendor	Product	Version
caseproof	prettylinks	*
caseproof	prettylinks	1.6.0
caseproof	prettylinks	1.6.1
joobi	com_jnews	8.0.1
civicrm	civicrm	3.1.0
civicrm	civicrm	3.1.1
civicrm	civicrm	3.1.2
civicrm	civicrm	3.1.3
civicrm	civicrm	3.1.4
civicrm	civicrm	3.1.5
civicrm	civicrm	3.1.6
civicrm	civicrm	3.2.0
civicrm	civicrm	3.2.1
civicrm	civicrm	3.2.2
civicrm	civicrm	3.2.3
civicrm	civicrm	3.2.4
civicrm	civicrm	3.2.5
civicrm	civicrm	3.3.0
civicrm	civicrm	3.3.1
civicrm	civicrm	3.3.2
civicrm	civicrm	3.3.3
civicrm	civicrm	3.3.5
civicrm	civicrm	3.3.6
civicrm	civicrm	3.4.0
civicrm	civicrm	4.0.5
civicrm	civicrm	4.1.0
civicrm	civicrm	4.1.1
civicrm	civicrm	4.1.2
civicrm	civicrm	4.1.3
civicrm	civicrm	4.1.4
civicrm	civicrm	4.1.5
civicrm	civicrm	4.1.6
civicrm	civicrm	4.2.0
civicrm	civicrm	4.2.1
civicrm	civicrm	4.2.2
civicrm	civicrm	4.2.4
civicrm	civicrm	4.2.5
civicrm	civicrm	4.2.6
civicrm	civicrm	4.2.7
civicrm	civicrm	4.2.8
civicrm	civicrm	4.2.9
civicrm	civicrm	4.3.0
civicrm	civicrm	4.3.1
civicrm	civicrm	4.3.2
civicrm	civicrm	4.3.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:caseproof:prettylinks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B2E67D-328E-464E-9515-11CCA4981683",
              "versionEndIncluding": "1.6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:caseproof:prettylinks:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC8B0DD-82DA-4E41-A4B1-B3B80AF1C920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:caseproof:prettylinks:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F7FED3-B2CC-45A3-B681-6C8CB4A49A50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:joobi:com_jnews:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD0BA68-0C46-490D-A823-4FE036CE2A65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB2849E-075B-4527-BC0C-16F8995FEB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D90C3D94-A671-4DDF-9EA9-2E566074C331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "120AFFD9-0A07-454F-BA0E-BA15483FA67F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC97E96B-60C6-4E60-AFB1-0CF80E8374F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E77401-E9FB-4749-AC53-2FDCBFEEE735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D50DEDE-0270-444B-8305-4A6A40460A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "500B70AA-A2C7-4D09-A0C7-204D9AD7DAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEEF5DEB-7695-4F98-8BC9-42220C8AD84B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "933C9C9F-8688-42CD-A2D1-905D75356741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "022E4D21-2495-4811-A5CB-E25109A5775C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "439DEFCA-A232-4C2D-AB74-99A39965B15A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5138B28C-EB4E-424F-9917-1E958BCF88FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D8E402-A368-4A18-9655-E137DAC3E847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF0E728-E3EB-46CC-80D2-8BE48095DF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB4A1BA-9414-4953-BD13-5439020022C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A48C77-41A4-4991-A0A4-622BB0AE2474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C58952C9-A419-43C1-8E3E-230DCFC3497A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B935BAA-681C-4E4C-A40E-65C3AD8EF17F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9D3805-A64D-4F33-847C-391225BD4EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0743EE73-C87F-4D3D-9542-2F640A99E630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2119DA-2E27-4FA5-9C7D-698A3E9A524A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684AD9B-7BEE-410B-AA1F-C1C4C002BB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "888273E2-F272-4445-985F-CB9C6F02716B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F4746C-7656-43AD-B14B-66D72E9BA7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF0AADD5-E0B7-4626-A35E-C37FD3A74306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E932CC-5C45-4E7A-A526-EA8F9E853F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "760B8B8D-E42E-410E-BFEC-A2B90BAA57FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8C5031-3ABA-4C0A-BFDE-DAA531D8E3CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8CBF12E-640F-4752-8F52-B5B3D4015FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A22C3AE-2E98-465C-B24C-725BEB99E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21DDDCA1-78A1-4FFB-B180-7D0D20FE4FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5B0394-3C38-454F-BF55-82AADCDEBE9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3D157E-9132-4EA9-A395-6E46C4C3C032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E5813B-160F-48B2-91B2-4599048028A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC6A767A-D530-479B-9E3B-6FB49FD0B8FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D80D5F9-B4D9-41C9-B157-3FE31B54EDBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1647D812-6174-4613-B57B-8BEF5C3877C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "074C6767-AC29-4A80-8A51-16DD69BFEAA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE6A4EB0-3143-41AF-B4CF-26C736BEF2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8BBCB1-99D0-4634-BAD6-495B9D040A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC01A92-9252-4184-B11A-39D077E761C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en open-flash-chart.swf en Open Flash Chart (tambi\u00e9n conocido como Open-Flash Chart), utilizado en el plugin Pretty Link Lite anterior a 1.6.3 para WordPress, el componente 8.0.1 de JNews (com_jnews) para Joomla! y CiviCRM 3.1.0 hasta 4.2.9 y 4.3.0 hasta 4.3.3, permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro get-data."
    }
  ],
  "id": "CVE-2013-1636",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-12T14:55:26.600",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/90435"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wordpress.org/plugins/pretty-link/changelog"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/90435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wordpress.org/plugins/pretty-link/changelog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82242"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-1636 (GCVE-0-2013-1636)

Vulnerability from cvelistv5

Published

2014-03-12 14:00