16 vulnerabilities by pivotx
CVE-2025-52367 (GCVE-0-2025-52367)
Vulnerability from cvelistv5 – Published: 2025-09-22 00:00 – Updated: 2025-09-23 18:13
VLAI
Summary
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T16:03:07.593751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:13:24.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:43:18.692Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://pivotx.com"
},
{
"url": "https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52367",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-09-23T18:13:24.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14958 (GCVE-0-2017-14958)
Vulnerability from cvelistv5 – Published: 2017-10-01 15:00 – Updated: 2024-08-05 19:42
VLAI
Summary
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sourceforge.net/p/pivot-weblog/code/4490/ | x_refsource_CONFIRM |
Date Public
2017-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-01T15:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4490/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14958",
"datePublished": "2017-10-01T15:00:00.000Z",
"dateReserved": "2017-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:42:22.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9332 (GCVE-0-2017-9332)
Vulnerability from cvelistv5 – Published: 2017-06-06 14:00 – Updated: 2024-08-05 17:02
VLAI
Summary
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sourceforge.net/p/pivot-weblog/code/4487/ | x_refsource_MISC |
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T11:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4487/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9332",
"datePublished": "2017-06-06T14:00:00.000Z",
"dateReserved": "2017-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8402 (GCVE-0-2017-8402)
Vulnerability from cvelistv5 – Published: 2017-05-31 03:54 – Updated: 2024-08-05 16:34
VLAI
Summary
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sourceforge.net/p/pivot-weblog/code/4489/ | x_refsource_MISC |
Date Public
2017-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-31T03:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4489/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8402",
"datePublished": "2017-05-31T03:54:00.000Z",
"dateReserved": "2017-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7570 (GCVE-0-2017-7570)
Vulnerability from cvelistv5 – Published: 2017-04-07 04:33 – Updated: 2024-08-05 16:04
VLAI
Summary
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gist.github.com/X1nda/749b6aac6e080624d9f… | x_refsource_MISC |
Date Public
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-07T04:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df",
"refsource": "MISC",
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7570",
"datePublished": "2017-04-07T04:33:00.000Z",
"dateReserved": "2017-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:12.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5458 (GCVE-0-2015-5458)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
VLAI
Summary
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://software-talk.org/blog/2015/06/session-fix… | x_refsource_MISC |
| http://packetstormsecurity.com/files/132474/Pivot… | x_refsource_MISC |
| http://blog.pivotx.net/archive/2015/06/21/pivotx-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/75577 | vdb-entry, x_refsource_BID |
| http://sourceforge.net/p/pivot-weblog/code/4450/t… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/535860/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2015-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5458",
"datePublished": "2015-07-08T15:00:00.000Z",
"dateReserved": "2015-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5457 (GCVE-0-2015-5457)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
VLAI
Summary
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://software-talk.org/blog/2015/06/session-fix… | x_refsource_MISC |
| http://packetstormsecurity.com/files/132474/Pivot… | x_refsource_MISC |
| http://blog.pivotx.net/archive/2015/06/21/pivotx-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/75577 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/535860/100… | mailing-list, x_refsource_BUGTRAQ |
| http://sourceforge.net/p/pivot-weblog/code/4452/t… | x_refsource_CONFIRM |
Date Public
2015-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5457",
"datePublished": "2015-07-08T15:00:00.000Z",
"dateReserved": "2015-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5456 (GCVE-0-2015-5456)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://sourceforge.net/p/pivot-weblog/code/4457/t… | x_refsource_CONFIRM |
| http://software-talk.org/blog/2015/06/session-fix… | x_refsource_MISC |
| http://packetstormsecurity.com/files/132474/Pivot… | x_refsource_MISC |
| http://blog.pivotx.net/archive/2015/06/21/pivotx-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/75577 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/535860/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2015-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5456",
"datePublished": "2015-07-08T15:00:00.000Z",
"dateReserved": "2015-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0342 (GCVE-0-2014-0342)
Vulnerability from cvelistv5 – Published: 2014-04-15 10:00 – Updated: 2024-08-06 09:13
Summary
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released | x_refsource_CONFIRM |
| http://sourceforge.net/p/pivot-weblog/code/4347/ | x_refsource_CONFIRM |
| http://pivotx.net/page/security | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/901156 | third-party-advisory, x_refsource_CERT-VN |
Date Public
2014-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-15T03:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4347/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/901156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0342",
"datePublished": "2014-04-15T10:00:00.000Z",
"dateReserved": "2013-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:13:09.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0341 (GCVE-0-2014-0341)
Vulnerability from cvelistv5 – Published: 2014-04-15 10:00 – Updated: 2024-08-06 09:13
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://sourceforge.net/p/pivot-weblog/code/4349/ | x_refsource_CONFIRM |
| http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/66800 | vdb-entry, x_refsource_BID |
| http://pivotx.net/page/security | x_refsource_CONFIRM |
| http://sourceforge.net/p/pivot-weblog/code/4345/ | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/901156 | third-party-advisory, x_refsource_CERT-VN |
Date Public
2014-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:10.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T14:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4349/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"name": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66800"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4345/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/901156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0341",
"datePublished": "2014-04-15T10:00:00.000Z",
"dateReserved": "2013-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:13:10.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2274 (GCVE-0-2012-2274)
Vulnerability from cvelistv5 – Published: 2012-08-13 23:00 – Updated: 2024-08-06 19:26
Summary
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.htbridge.com/advisory/HTB23087 | x_refsource_MISC |
| http://www.securityfocus.com/bid/53434 | vdb-entry, x_refsource_BID |
| http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145 | x_refsource_CONFIRM |
| http://pivotx.net/page/security | x_refsource_CONFIRM |
| http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147 | x_refsource_CONFIRM |
Date Public
2012-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53434"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-29T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53434"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23087",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53434"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2274",
"datePublished": "2012-08-13T23:00:00.000Z",
"dateReserved": "2012-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:08.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1035 (GCVE-0-2011-1035)
Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 22:14
Summary
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://forum.pivotx.net/viewtopic.php?f=2&t=1961 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65539 | vdb-entry, x_refsource_XF |
| http://forum.pivotx.net/viewtopic.php?p=10639#p10639 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2011/0445 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/43417 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/70935 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/46463 | vdb-entry, x_refsource_BID |
| http://www.kb.cert.org/vuls/id/175068 | third-party-advisory, x_refsource_CERT-VN |
| http://forum.pivotx.net/viewtopic.php?f=2&t=1967 | x_refsource_CONFIRM |
| http://blog.pivotx.net/2011-02-16/pivotx-225-released | x_refsource_CONFIRM |
Date Public
2011-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961",
"refsource": "CONFIRM",
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"name": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639",
"refsource": "MISC",
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"refsource": "OSVDB",
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"name": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967",
"refsource": "CONFIRM",
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"name": "http://blog.pivotx.net/2011-02-16/pivotx-225-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1035",
"datePublished": "2011-02-18T23:00:00.000Z",
"dateReserved": "2011-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:27.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0775 (GCVE-0-2011-0775)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://osvdb.org/70675 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/43041 | third-party-advisory, x_refsource_SECUNIA |
| http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3463 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64977 | vdb-entry, x_refsource_XF |
Date Public
2011-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70675",
"refsource": "OSVDB",
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43041"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0775",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0773 (GCVE-0-2011-0773)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3459 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64976 | vdb-entry, x_refsource_XF |
| http://twitter.com/pivotx/statuses/29889056263376898 | x_refsource_CONFIRM |
| http://secunia.com/advisories/43045 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/70672 | vdb-entry, x_refsource_OSVDB |
| http://blog.pivotx.net/2011-01-31/pivotx-223-released | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/8063 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/45983 | vdb-entry, x_refsource_BID |
| http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt | x_refsource_MISC |
| http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html | x_refsource_MISC |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"name": "http://twitter.com/pivotx/statuses/29889056263376898",
"refsource": "CONFIRM",
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"refsource": "OSVDB",
"url": "http://osvdb.org/70672"
},
{
"name": "http://blog.pivotx.net/2011-01-31/pivotx-223-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45983"
},
{
"name": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"name": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html",
"refsource": "MISC",
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0773",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0774 (GCVE-0-2011-0774)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://blog.pivotx.net/archive/2011/01/11/pivotx-… | x_refsource_CONFIRM |
| http://www.htbridge.ch/advisory/path_disclousure_… | x_refsource_MISC |
| http://pivot-weblog.svn.sf.net/viewvc/pivot-weblo… | x_refsource_CONFIRM |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-22T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0774",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0772 (GCVE-0-2011-0772)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/70673 | vdb-entry, x_refsource_OSVDB |
| http://blog.pivotx.net/archive/2011/01/11/pivotx-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/45996 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/43040 | third-party-advisory, x_refsource_SECUNIA |
| http://pivot-weblog.svn.sf.net/viewvc/pivot-weblo… | x_refsource_CONFIRM |
| http://www.osvdb.org/70674 | vdb-entry, x_refsource_OSVDB |
| http://pivot-weblog.svn.sf.net/viewvc/pivot-weblo… | x_refsource_CONFIRM |
| http://www.htbridge.ch/advisory/xss_in_pivotx.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/515964/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/8062 | third-party-advisory, x_refsource_SREASON |
| http://www.htbridge.ch/advisory/xss_in_pivotx_1.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/515958/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70673"
},
{
"name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43040"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70674"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_pivotx.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8062"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0772",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}