Summary
Detail | | | |
---|---|---|---|
Vendor | Pivotx | First view | 2014-04-15 |
Product | Pivotx | Last view | 2015-07-08 |
Version | 2.3.7 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:pivotx:pivotx | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.8 | 2015-07-08 | CVE-2015-5458 | Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. |
7.5 | 2015-07-08 | CVE-2015-5457 | PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php. |
4.3 | 2015-07-08 | CVE-2015-5456 | Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions. |
7.5 | 2014-04-15 | CVE-2014-0342 | Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors. |
3.5 | 2014-04-15 | CVE-2014-0341 | Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
33% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-07-14 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_14d846d627b311e5a15a50af736ef1c0.nasl - Type: ACT_GATHER_INFO |
2015-07-14 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_7313b0e327b411e5a15a50af736ef1c0.nasl - Type: ACT_GATHER_INFO |