PivotX Multiple Cross-site Scripting Vulnerability

Summary
This host is running PivotX and is prone to multiple Cross-site Scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application.
Solution
Upgrade to PivotX version 2.2.2 or later. For updates, refer to http://pivotx.net/
Insight
The flaws exist because input passed to the 'color' parameter in 'pivotx/includes/blogroll.php' and to the 'src' parameter in 'pivotx/includes/timwrapper.php' is not properly sanitised before being returned to the user.
Affected
PivotX versions prior to 2.2.2