Summary
This host is running PivotX and is prone to multiple Cross-site Scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application.
Solution
Upgrade to PivotX version 2.2.2 or later.
For updates, refer to http://pivotx.net/
Insight
The flaws are due to:
- Input passed to the 'color' parameter in 'pivotx/includes/blogroll.php' and the 'src' parameter in 'pivotx/includes/timwrapper.php' is not properly sanitised before being returned to the user.
Affected
PivotX versions prior to 2.2.2
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-0772
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Advanced Image Hosting Cross Site Scripting Vulnerability
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability