Friday, October 12, 2012

HTB23116: OpenX cross-site scripting & SQL injection vulnerabilities

OpenX

Multiple vulnerabilities in OpenX were discovered by High-Tech Bridge Security Research Lab 3 weeks ago and disclosed this week.

  • Cross-Site Scripting (XSS) in OpenX: Input passed via the "parent" GET parameter to "www/admin/plugin-index.php" is not properly sanitised before being returned to the user.

  • SQL Injection in OpenX: Input passed via the "ids[]" POST parameter to "www/admin/campaign-zone-link.php" is not properly sanitised before being used in an SQL query.

To fix these issues, replace the affected files from the SVN repository as described in the High-Tech Bridge security advisory HTB23116: Multiple vulnerabilities in OpenX. PoC examples are also available on the researcher's page.
