This host is installed with Pivot and is prone to Cross Site Scripting vulnerability.

Successful exploitation will allow remote attackers to bypass security restrictions by gaining sensitive information, exectue arbitrary html or webscript code and redirect the user to other malicious sites. Impact Level: Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

- The input pased into several parameters in the pivot/index.php and pivot/user.php is not sanitised before being processed. - An error in pivot/tb.php while processing invalid url parameter reveals sensitive information such as the installation path in an error message.

Pivot version 1.40.7 and prior.

• http://secunia.com/advisories/35363

---

Updated on 2017-03-28