Lucene search

CVE-2014-0341

🗓️ 15 Apr 2014 10:11:55Reported by certccType

cve🔗 web.nvd.nist.gov👁 30 Views🌐 WEB

Multiple XSS vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via multiple fields

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Tenable Nessus	FreeBSD : pivotx -- Multiple unrestricted file upload vulnerabilities (7313b0e3-27b4-11e5-a15a-50af736ef1c0)	14 Jul 201500:00	–	nessus
Tenable Nessus	FreeBSD : pivotx -- XSS (XSS) vulnerability (14d846d6-27b3-11e5-a15a-50af736ef1c0)	14 Jul 201500:00	–	nessus
Cvelist	CVE-2014-0341	15 Apr 201410:00	–	cvelist
Prion	Cross site scripting	15 Apr 201410:55	–	prion
NVD	CVE-2014-0341	15 Apr 201410:55	–	nvd
FreeBSD	pivotx -- cross-site scripting (XSS) vulnerability	15 Apr 201400:00	–	freebsd
FreeBSD	pivotx -- Multiple unrestricted file upload vulnerabilities	15 Apr 201400:00	–	freebsd
seebug.org	PivotX多个跨站脚本漏洞	16 Apr 201400:00	–	seebug
CERT	PivotX 2.3.8 contains multiple vulnerabilities	11 Apr 201400:00	–	cert

Nvd

Node

pivotx pivotxRange≤2.3.8

pivotx pivotxMatch2.1.0

pivotx pivotxMatch2.1.1

pivotx pivotxMatch2.1.2

pivotx pivotxMatch2.2.0

pivotx pivotxMatch2.2.0b1

pivotx pivotxMatch2.2.0b2

pivotx pivotxMatch2.2.0rc

pivotx pivotxMatch2.2.1

pivotx pivotxMatch2.2.2

pivotx pivotxMatch2.2.3

pivotx pivotxMatch2.2.5

pivotx pivotxMatch2.3.0

pivotx pivotxMatch2.3.2

pivotx pivotxMatch2.3.3

pivotx pivotxMatch2.3.5

pivotx pivotxMatch2.3.6

pivotx pivotxMatch2.3.7

Source	Link
sourceforge	www.sourceforge.net/p/pivot-weblog/code/4345/
securityfocus	www.securityfocus.com/bid/66800
sourceforge	www.sourceforge.net/p/pivot-weblog/code/4349/
blog	www.blog.pivotx.net/archive/2014/03/03/pivotx-239-released
pivotx	www.pivotx.net/page/security
kb	www.kb.cert.org/vuls/id/901156

Parameter	Position	Path	Description	CWE
title	request body	templates_internal/pages.tpl	XSS vulnerability via title field in templates_internal/pages.tpl	CWE-79
title	request body	templates_internal/home.tpl	XSS vulnerability via title field in templates_internal/home.tpl	CWE-79
title	request body	templates_internal/entries.tpl	XSS vulnerability via title field in templates_internal/entries.tpl	CWE-79
event	request body	objects.php	XSS vulnerability via event field in objects.php	CWE-79
email	request body	pages.php	XSS vulnerability via email or nickname field in pages.php	CWE-79
nickname	request body	pages.php	XSS vulnerability via email or nickname field in pages.php	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Apr 2014 10:55Current

5.3Medium risk

Vulners AI Score5.3

CVSS23.5

EPSS0.0064

CWE-79