CVE-2013-1636 in CiviCRMinfo

Summary

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

02/07/2013

Disclosure

03/12/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
66606	CiviCRM open-flash-chart.swf cross site scripting	79	Proof-of-Concept	Not defined	CVE-2013-1636

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!