CVE-2011-0772
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2011-0772. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in PivotX 2.2.0 by injecting arbitrary JavaScript code via the 'src' parameter in 'timwrapper.php'. The PoC uses a simple alert dialog to confirm the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in PivotX 2.2.0 by injecting arbitrary JavaScript code via the 'src' parameter in 'timwrapper.php'. The PoC uses a simple alert dialog to confirm the vulnerability.
This exploit demonstrates a reflected XSS vulnerability in PivotX 2.2.0 by injecting arbitrary JavaScript code via the 'color' parameter in the blogroll.php file. The payload closes a style tag and injects a script tag to trigger an alert.