Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities by pivotx
CVE-2025-52367 (GCVE-0-2025-52367)
Vulnerability from cvelistv5 – Published: 2025-09-22 00:00 – Updated: 2025-09-23 18:13
VLAI?
Summary
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T16:03:07.593751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:13:24.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:43:18.692Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://pivotx.com"
},
{
"url": "https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52367",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-09-23T18:13:24.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14958 (GCVE-0-2017-14958)
Vulnerability from cvelistv5 – Published: 2017-10-01 15:00 – Updated: 2024-08-05 19:42
VLAI?
Summary
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2017-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-01T15:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4490/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pivot-weblog/code/4490/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14958",
"datePublished": "2017-10-01T15:00:00.000Z",
"dateReserved": "2017-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:42:22.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9332 (GCVE-0-2017-9332)
Vulnerability from cvelistv5 – Published: 2017-06-06 14:00 – Updated: 2024-08-05 17:02
VLAI?
Summary
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T11:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4487/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/pivot-weblog/code/4487/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9332",
"datePublished": "2017-06-06T14:00:00.000Z",
"dateReserved": "2017-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8402 (GCVE-0-2017-8402)
Vulnerability from cvelistv5 – Published: 2017-05-31 03:54 – Updated: 2024-08-05 16:34
VLAI?
Summary
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2017-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-31T03:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pivot-weblog/code/4489/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/pivot-weblog/code/4489/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8402",
"datePublished": "2017-05-31T03:54:00.000Z",
"dateReserved": "2017-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7570 (GCVE-0-2017-7570)
Vulnerability from cvelistv5 – Published: 2017-04-07 04:33 – Updated: 2024-08-05 16:04
VLAI?
Summary
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-07T04:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df",
"refsource": "MISC",
"url": "https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7570",
"datePublished": "2017-04-07T04:33:00.000Z",
"dateReserved": "2017-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:12.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5457 (GCVE-0-2015-5457)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
VLAI?
Summary
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2015-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5457",
"datePublished": "2015-07-08T15:00:00.000Z",
"dateReserved": "2015-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5456 (GCVE-0-2015-5456)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2015-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456"
},
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5456",
"datePublished": "2015-07-08T15:00:00.000Z",
"dateReserved": "2015-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5458 (GCVE-0-2015-5458)
Vulnerability from cvelistv5 – Published: 2015-07-08 15:00 – Updated: 2024-08-06 06:50
VLAI?
Summary
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2015-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/"
},
{
"name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html"
},
{
"name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released"
},
{
"name": "75577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75577"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449"
},
{
"name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5458",
"datePublished": "2015-07-08T15:00:00.000Z",
"dateReserved": "2015-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0341 (GCVE-0-2014-0341)
Vulnerability from cvelistv5 – Published: 2014-04-15 10:00 – Updated: 2024-08-06 09:13
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2014-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:10.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T14:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4349/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4349/"
},
{
"name": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "66800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66800"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4345/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4345/"
},
{
"name": "VU#901156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/901156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0341",
"datePublished": "2014-04-15T10:00:00.000Z",
"dateReserved": "2013-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:13:10.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0342 (GCVE-0-2014-0342)
Vulnerability from cvelistv5 – Published: 2014-04-15 10:00 – Updated: 2024-08-06 09:13
VLAI?
Summary
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2014-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-15T03:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/901156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released"
},
{
"name": "http://sourceforge.net/p/pivot-weblog/code/4347/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pivot-weblog/code/4347/"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "VU#901156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/901156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0342",
"datePublished": "2014-04-15T10:00:00.000Z",
"dateReserved": "2013-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:13:09.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2274 (GCVE-0-2012-2274)
Vulnerability from cvelistv5 – Published: 2012-08-13 23:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2012-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53434"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-29T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53434"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotx.net/page/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23087",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53434"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4145"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision\u0026revision=4147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2274",
"datePublished": "2012-08-13T23:00:00.000Z",
"dateReserved": "2012-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:08.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1035 (GCVE-0-2011-1035)
Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2011-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961",
"refsource": "CONFIRM",
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1961"
},
{
"name": "pivotx-resetpassword-security-bypass(65539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539"
},
{
"name": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639",
"refsource": "MISC",
"url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639"
},
{
"name": "ADV-2011-0445",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0445"
},
{
"name": "43417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43417"
},
{
"name": "70935",
"refsource": "OSVDB",
"url": "http://osvdb.org/70935"
},
{
"name": "46463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46463"
},
{
"name": "VU#175068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/175068"
},
{
"name": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967",
"refsource": "CONFIRM",
"url": "http://forum.pivotx.net/viewtopic.php?f=2\u0026t=1967"
},
{
"name": "http://blog.pivotx.net/2011-02-16/pivotx-225-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1035",
"datePublished": "2011-02-18T23:00:00.000Z",
"dateReserved": "2011-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:27.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0774 (GCVE-0-2011-0774)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-22T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0774",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0775 (GCVE-0-2011-0775)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70675",
"refsource": "OSVDB",
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43041"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0775",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0772 (GCVE-0-2011-0772)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70673"
},
{
"name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
},
{
"name": "45996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45996"
},
{
"name": "pivotx-blogroll-xss(64975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
},
{
"name": "43040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43040"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
},
{
"name": "70674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70674"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_pivotx.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
},
{
"name": "20110125 HTB22790: XSS in Pivotx",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
},
{
"name": "8062",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8062"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
},
{
"name": "20110125 HTB22788: XSS in Pivotx",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0772",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0773 (GCVE-0-2011-0773)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3459"
},
{
"name": "pivotx-image-xss(64976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976"
},
{
"name": "http://twitter.com/pivotx/statuses/29889056263376898",
"refsource": "CONFIRM",
"url": "http://twitter.com/pivotx/statuses/29889056263376898"
},
{
"name": "43045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43045"
},
{
"name": "70672",
"refsource": "OSVDB",
"url": "http://osvdb.org/70672"
},
{
"name": "http://blog.pivotx.net/2011-01-31/pivotx-223-released",
"refsource": "CONFIRM",
"url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released"
},
{
"name": "8063",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8063"
},
{
"name": "45983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45983"
},
{
"name": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt"
},
{
"name": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html",
"refsource": "MISC",
"url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0773",
"datePublished": "2011-02-04T00:00:00.000Z",
"dateReserved": "2011-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}