Lucene search

K

MitreCVELIST:CVE-2011-0772

HistoryFeb 04, 2011 - 12:00 a.m.

CVE-2011-0772

2011-02-0400:00:00

mitre

www.cve.org

5.9 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.

References

blog.pivotx.net/archive/2011/01/11/pivotx-222-released

pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3409

pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410

secunia.com/advisories/43040

securityreason.com/securityalert/8062

www.htbridge.ch/advisory/xss_in_pivotx.html

www.htbridge.ch/advisory/xss_in_pivotx_1.html

www.osvdb.org/70673

www.osvdb.org/70674

www.securityfocus.com/archive/1/515958/100/0/threaded

www.securityfocus.com/archive/1/515964/100/0/threaded

www.securityfocus.com/bid/45996

exchange.xforce.ibmcloud.com/vulnerabilities/64975

5.9 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

Related for CVELIST:CVE-2011-0772

prion1 htbridge1 nvd1 cve1 openvas1