CVE-2011-0773

Pivotx < 2.2.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by AutoSec Tools · textwebappsphp

https://www.exploit-db.com/exploits/35254

View Code ZIP pw:eip

References (10)

[Patch, Vendor Advisory] http://blog.pivotx.net/2011-01-31/pivotx-223-released

[Exploit] http://osvdb.org/70672

[Exploit] http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt

[Various Sources] http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3459

[Vendor Advisory] http://secunia.com/advisories/43045

[Various Sources] http://twitter.com/pivotx/statuses/29889056263376898

[Exploit] http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html

[Exploit] http://www.securityfocus.com/bid/45983

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64976

[Third Party Advisory] http://securityreason.com/securityalert/8063

Scores

EPSS 0.0858

EPSS Percentile 92.3%

Classification

CWE

CWE-79

Status draft

Affected Products (9)

pivotx/pivotx < 2.2.2

pivotx/pivotx

Timeline

Published Feb 04, 2011

Tracked Since Feb 18, 2026