Lucene search

[email protected]CVE-2015-5456

HistoryJul 08, 2015 - 3:59 p.m.

CVE-2015-5456

2015-07-0815:59:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-5456

cross-site scripting

xss vulnerability

pivotx

formclass.php

remote attackers

arbitrary web script

html injection

path_info

php_self variable

form actions

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the “PHP_SELF” variable and form actions.

Affected configurations

NVD

Node

pivotxpivotxRange≤2.3.10

CPENameOperatorVersion
pivotx:pivotxpivotxle2.3.10

CPE	Name	Operator	Version
pivotx:pivotx	pivotx	le	2.3.10

References

blog.pivotx.net/archive/2015/06/21/pivotx-2311-released

packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html

software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/

sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456

www.securityfocus.com/archive/1/535860/100/0/threaded

www.securityfocus.com/bid/75577

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for CVE-2015-5456

prion1 cvelist1 nvd1 openvas1