Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-0772
Last Modified 21 Sep 2011 11:28:53
Published 03 Feb 2011 08:00:10
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0772

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.

Vulnerable Systems

Application

  • PivotX 2.1.0

  • PivotX 2.1.1

  • PivotX 2.1.2

  • PivotX 2.2.0

  • PivotX 2.2.1


References

CONFIRM - http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released

XF - pivotx-blogroll-xss(64975)

BID - 45996

BUGTRAQ - 20110125 HTB22790: XSS in Pivotx

BUGTRAQ - 20110125 HTB22788: XSS in Pivotx

OSVDB - 70674

OSVDB - 70673

MISC - http://www.htbridge.ch/advisory/xss_in_pivotx_1.html

MISC - http://www.htbridge.ch/advisory/xss_in_pivotx.html

SREASON - 8062

SECUNIA - 43040

CONFIRM - http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410

CONFIRM - http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409


Last Updated: 27 May 2016 10:56:02