CVE-2013-3515

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.

Published: Jul 29, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-3515
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
openx / openx	2.8.3	2.8.3.x
openx / openx	2.6.5	2.6.5.x
openx / openx	-	2.8.10.x
openx / openx	2.8.5	2.8.5.x
openx / openx	2.6.2	2.6.2.x
openx / openx	2.6.0	2.6.0.x
openx / openx	2.4.9	2.4.9.x
openx / openx	2.4.4	2.4.4.x
openx / openx	2.4.11	2.4.11.x
openx / openx	2.8	2.8.x
openx / openx	2.4	2.4.x
openx / openx	2.8.2	2.8.2.x
openx / openx	2.4.6	2.4.6.x
openx / openx	2.4.8	2.4.8.x
openx / openx	2.4.7	2.4.7.x
openx / openx	2.7.29	2.7.29.x
openx / openx	2.6.3	2.6.3.x
openx / openx	2.6.1	2.6.1.x
openx / openx	2.6.4	2.6.4.x
openx / openx	2.4.10	2.4.10.x
openx / openx	2.8.1	2.8.1.x
openx / openx	2.8.4	2.8.4.x
openx / openx	2.4.5	2.4.5.x

Vulnerability Database

315,363

CVE-2013-3515

Deep Security Visibility Without the Complexity