2 matches found
CVE-2013-3515
Multiple cross-site scripting XSS vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 package parameter to www/admin/plugin-index.php or the 2 group parameter to www/admin/plugin-settings.php...
CVE-2012-4989
OpenX 2.8.10 and earlier versions are vulnerable to a Cross‑Site Scripting (XSS) in admin/plugin-index.php via the parent parameter in the info action (CVE-2012-4989). The root cause is unsanitized input returned to the administrator’s browser. Vendor fixed it in SVN revision 81823 (solution file...