MidnightBSD

Advisories for blair_williams

CVE-2013-1636 MEDIUM

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
civicrm civicrm 3.2.4
civicrm civicrm 4.3.1
blair_williams pretty_link_lite 1.6.0
civicrm civicrm 4.1.1
civicrm civicrm 3.2.0
civicrm civicrm 4.2.6
civicrm civicrm 4.2.4
civicrm civicrm 3.4.0
blair_williams pretty_link_lite *
civicrm civicrm 4.3.3
civicrm civicrm 3.3.1
civicrm civicrm 4.1.4
civicrm civicrm 4.1.3
civicrm civicrm 4.3.2
civicrm civicrm 4.1.6
civicrm civicrm 4.1.2
civicrm civicrm 3.1.5
civicrm civicrm 3.1.6
civicrm civicrm 3.1.3
civicrm civicrm 3.2.1
caseproof prettylinks *
civicrm civicrm 4.0.5
civicrm civicrm 4.2.7
civicrm civicrm 3.1.1
civicrm civicrm 3.3.0
civicrm civicrm 4.2.9
civicrm civicrm 4.2.5
blair_williams pretty_link_lite 1.6.1
civicrm civicrm 3.1.4
caseproof prettylinks 1.6.1
joobi com_jnews 8.0.1
civicrm civicrm 4.2.0
caseproof prettylinks 1.6.0
civicrm civicrm 3.3.6
civicrm civicrm 4.1.0
civicrm civicrm 3.3.3
civicrm civicrm 4.3.0
civicrm civicrm 3.3.5
civicrm civicrm 3.3.2
civicrm civicrm 3.2.3
civicrm civicrm 3.1.0
civicrm civicrm 4.2.2
civicrm civicrm 3.2.2
civicrm civicrm 4.2.8
civicrm civicrm 3.2.5
civicrm civicrm 4.2.1
civicrm civicrm 4.1.5
civicrm civicrm 3.1.2