ID CVE-2015-5456 Type cve Reporter cve@mitre.org Modified 2018-10-09T19:57:00
Description
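Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions. In PHP, PHP_SELF includes any PATH_INFO appended to the script name in the request URL, so the description implies that the form action is built from it without HTML-escaping, which reflects request-supplied markup into the page (CWE-79); the record marks user interaction as required. The fix is to upgrade to PivotX 2.3.11 or later. The NVD base score for this CVE alone is 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N); the linked OpenVAS check is scored 7.5 because it also covers CVE-2015-5457 and CVE-2015-5458.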
{"id": "CVE-2015-5456", "bulletinFamily": "NVD", "title": "CVE-2015-5456", "description": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions.", "published": "2015-07-08T15:59:00", "modified": "2018-10-09T19:57:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5456", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/75577", "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html", "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released", "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/", "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456", "http://www.securityfocus.com/archive/1/535860/100/0/threaded"], "cvelist": ["CVE-2015-5456"], "type": "cve", "lastseen": "2020-12-09T20:03:05", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310805938"]}], "modified": "2020-12-09T20:03:05", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2020-12-09T20:03:05", "rev": 2}, "vulnersScore": 4.4}, "cpe": ["cpe:/a:pivotx:pivotx:2.3.10"], "affectedSoftware": [{"cpeName": "pivotx:pivotx", "name": "pivotx", "operator": "le", "version": "2.3.10"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:pivotx:pivotx:2.3.10:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:pivotx:pivotx:2.3.10:*:*:*:*:*:*:*", "versionEndIncluding": "2.3.10", "vulnerable": true}], "operator": "OR"}]}}
{"openvas": [{"lastseen": "2020-05-12T17:25:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5456", "CVE-2015-5458", "CVE-2015-5457"], "description": "The host is installed with PivotX and is\n prone to multiple vulnerabilities.", "modified": "2020-05-08T00:00:00", "published": "2015-07-27T00:00:00", "id": "OPENVAS:1361412562310805938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805938", "type": "openvas", "title": "PivotX Multiple Vulnerabilities - Jul15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# PivotX Multiple Vulnerabilities - Jul15\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:pivotx:pivotx\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805938\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2015-5456\", \"CVE-2015-5457\", \"CVE-2015-5458\");\n script_bugtraq_id(75577);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-27 14:22:08 +0530 (Mon, 27 Jul 2015)\");\n script_name(\"PivotX Multiple Vulnerabilities - Jul15\");\n\n script_tag(name:\"summary\", value:\"The host is installed with PivotX and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted HTTP GET request and check\n whether it is possible to read a cookie or not.\");\n\n script_tag(name:\"insight\", value:\"Multiple errors exists as the application\n\n - Does not validate input passed via the 'sess' parameter to 'fileupload.php'\n script.\n\n - Does not validate the new file extension when renaming a file with multiple\n extensions, like foo.php.php.\n\n - Does not validate input passed via the form method in modules/formclass.php\n script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to hijack web sessions, execute arbitrary code and create a specially\n crafted request that would execute arbitrary script code in a user's browser\n session within the trust relationship between their browser and the server.\");\n\n script_tag(name:\"affected\", 
value:\"PivotX version 2.3.10 and probably prior.\");\n\n script_tag(name:\"solution\", value:\"Upgrade PivotX to version 2.3.11 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"exploit\");\n\n script_xref(name:\"URL\", value:\"https://packetstormsecurity.com/files/132474\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/archive/1/535860/100/0/threaded\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_pivotx_detect.nasl\");\n script_mandatory_keys(\"PivotX/Installed\");\n script_require_ports(\"Services/www\", 80);\n script_xref(name:\"URL\", value:\"http://pivotx.net\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!pivPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:pivPort)){\n exit(0);\n}\n\nurl = dir + '/index.php/\"><script>alert(document.cookie)</script></scri' +\n 'pt>?page=page&uid=3';\n\nif(http_vuln_check(port:pivPort, url:url, check_header:TRUE,\n pattern:\"<script>alert\\(document.cookie\\)</script>\",\n extra_check:\">PivotX\"))\n{\n report = http_report_vuln_url( port:pivPort, url:url );\n security_message(port:pivPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}