FKIE_CVE-2011-0772

Vulnerability from fkie_nvd - Published: 2011-02-04 01:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
References
cve@mitre.orghttp://blog.pivotx.net/archive/2011/01/11/pivotx-222-releasedPatch, Vendor Advisory
cve@mitre.orghttp://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409
cve@mitre.orghttp://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410
cve@mitre.orghttp://secunia.com/advisories/43040Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/8062
cve@mitre.orghttp://www.htbridge.ch/advisory/xss_in_pivotx.htmlExploit
cve@mitre.orghttp://www.htbridge.ch/advisory/xss_in_pivotx_1.htmlExploit
cve@mitre.orghttp://www.osvdb.org/70673Exploit
cve@mitre.orghttp://www.osvdb.org/70674Exploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/515958/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/515964/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/45996Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/64975
af854a3a-2127-422b-91ae-364da2661108http://blog.pivotx.net/archive/2011/01/11/pivotx-222-releasedPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409
af854a3a-2127-422b-91ae-364da2661108http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43040Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8062
af854a3a-2127-422b-91ae-364da2661108http://www.htbridge.ch/advisory/xss_in_pivotx.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.htbridge.ch/advisory/xss_in_pivotx_1.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/70673Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/70674Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/515958/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/515964/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45996Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64975
Impacted products
Vendor Product Version
pivotx pivotx 2.1.0
pivotx pivotx 2.1.1
pivotx pivotx 2.1.2
pivotx pivotx 2.2.0
pivotx pivotx 2.2.0
pivotx pivotx 2.2.0
pivotx pivotx 2.2.0
pivotx pivotx 2.2.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3990C45-2F1A-4E97-80CD-1BF07A6DEE84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "847926C5-EC16-420B-993F-D0C6991DD0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "101512B3-9573-45F0-8E23-ECCFBC7BC981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB36519-001A-446F-B680-2DCBF4A7C4F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "D09514E0-221A-4A8C-BE34-CCCEDFBE54C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "A43A812E-D866-45AB-92DF-A5617279FC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "179DBEB0-22A0-46EA-9E48-BC3A79C1E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotx:pivotx:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF74C6E-E55E-4C01-B4C9-6BB60D57E889",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en PivotX v2.2.2, y posiblemente en versiones anteriores a v2.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro color de includes/blogroll.php y (2) el par\u00e1metro src de includes/timwrapper.php."
    }
  ],
  "id": "CVE-2011-0772",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-04T01:00:10.370",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43040"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/70673"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/70674"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/45996"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision\u0026revision=3410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.htbridge.ch/advisory/xss_in_pivotx.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.htbridge.ch/advisory/xss_in_pivotx_1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/70673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/70674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/515958/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/515964/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/45996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64975"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.