16 vulnerabilities by pivotx
CVE-2025-52367 (GCVE-0-2025-52367)
Vulnerability from cvelistv5 – Published: 2025-09-22 00:00 – Updated: 2025-09-23 18:13
Summary
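Cross-site scripting (XSS) vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field. Per the CISA-ADP CVSS 3.1 vector in the record below (PR:L, UI:R), exploitation requires a low-privileged account and user interaction.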
Severity ?
5.4 (Medium)
CWE
- n/a in the CNA record; the CISA-ADP container in the record below assigns CWE-79
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T16:03:07.593751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:13:24.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:43:18.692Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://pivotx.com"
},
{
"url": "https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52367",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-09-23T18:13:24.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14958 (GCVE-0-2017-14958)
Vulnerability from cvelistv5 – Published: 2017-10-01 15:00 – Updated: 2024-08-05 19:42
Summary
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-01T15:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4490/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14958",
"datePublished": "2017-10-01T15:00:00",
"dateReserved": "2017-10-01T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9332 (GCVE-0-2017-9332)
Vulnerability from cvelistv5 – Published: 2017-06-06 14:00 – Updated: 2024-08-05 17:02
Summary
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T11:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4487/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9332",
"datePublished": "2017-06-06T14:00:00",
"dateReserved": "2017-05-31T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8402 (GCVE-0-2017-8402)
Vulnerability from cvelistv5 – Published: 2017-05-31 03:54 – Updated: 2024-08-05 16:34
Summary
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-31T03:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4489/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8402",
"datePublished": "2017-05-31T03:54:00",
"dateReserved": "2017-05-01T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7570 (GCVE-0-2017-7570)
Vulnerability from cvelistv5 – Published: 2017-04-07 04:33 – Updated: 2024-08-05 16:04
Summary
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-07T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df",
"refsource": "MISC",
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7570",
"datePublished": "2017-04-07T04:33:00",
"dateReserved": "2017-04-06T00:00:00",
"dateUpdated": "2024-08-05T16:04:12.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5457 (GCVE-0-2015-5457)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
Summary
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5457",
"datePublished": "2015-07-08T15:00:00",
"dateReserved": "2015-07-08T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5456 (GCVE-0-2015-5456)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
Summary
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5456",
"datePublished": "2015-07-08T15:00:00",
"dateReserved": "2015-07-08T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5458 (GCVE-0-2015-5458)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
Summary
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5458",
"datePublished": "2015-07-08T15:00:00",
"dateReserved": "2015-07-08T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0341 (GCVE-0-2014-0341)
Vulnerability from cvelistv5 – Published: 2014-04-15 10:00 – Updated: 2024-08-06 09:13
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:10.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T14:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4349/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"name": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66800"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4345/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/901156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0341",
"datePublished": "2014-04-15T10:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T09:13:10.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0342 (GCVE-0-2014-0342)
Vulnerability from cvelistv5 – Published: 2014-04-15 10:00 – Updated: 2024-08-06 09:13
Summary
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-15T03:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4347/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/901156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0342",
"datePublished": "2014-04-15T10:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T09:13:09.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2274 (GCVE-0-2012-2274)
Vulnerability from cvelistv5 – Published: 2012-08-13 23:00 – Updated: 2024-08-06 19:26
Summary
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53434"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-29T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53434"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23087",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53434"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2274",
"datePublished": "2012-08-13T23:00:00",
"dateReserved": "2012-04-18T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1035 (GCVE-0-2011-1035)
Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 22:14
Summary
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961",
"refsource": "CONFIRM",
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"name": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639",
"refsource": "MISC",
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"refsource": "OSVDB",
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"name": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967",
"refsource": "CONFIRM",
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"name": "http://blog.pivotx.net/2011-02-16/pivotx-225-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1035",
"datePublished": "2011-02-18T23:00:00",
"dateReserved": "2011-02-18T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0774 (GCVE-0-2011-0774)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0774",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-02-03T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0773 (GCVE-0-2011-0773)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"name": "http://twitter.com/pivotx/statuses/29889056263376898",
"refsource": "CONFIRM",
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"refsource": "OSVDB",
"url": "http://osvdb.org/70672"
},
{
"name": "http://blog.pivotx.net/2011-01-31/pivotx-223-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45983"
},
{
"name": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"name": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html",
"refsource": "MISC",
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0773",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-02-03T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0772 (GCVE-0-2011-0772)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70673"
},
{
"name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43040"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70674"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_pivotx.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8062"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0772",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-02-03T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0775 (GCVE-0-2011-0775)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
Summary
pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70675",
"refsource": "OSVDB",
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43041"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0775",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-02-03T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}