Lucene search
K

156 matches found

EUVD
EUVD
added 2025/09/22 12:0 a.m.10 views

EUVD-2025-30753

Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...

6.6AI score0.03835EPSS
Exploits6References3
Cvelist
Cvelist
added 2025/09/22 12:0 a.m.13 views

CVE-2025-52367

Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...

0.03835EPSS
Exploits6References1
Rapid7 Blog
Rapid7 Blog
added 2025/08/15 3:54 p.m.7 views

Metasploit Weekly Wrap-Up 08/15/2025

Don’t forget to take the Metasploit User Engagement Survey! We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the en...

9.9CVSS9.8AI score0.93027EPSS
Exploits16
Packet Storm
Packet Storm
added 2025/08/13 12:0 a.m.109 views

📄 PivotX 3.0.0 RC 3 Remote Code Execution

This Metasploit module gains remote code execution in PivotX management system version 3.0.0 RC 3. The PivotX allows admin user to directly edit files on the webserver, including PHP files. The module exploits this by writing a malicious payload into index.php file, gaining remote code execution...

8.4AI score0.03835EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/07/16 12:0 a.m.109 views

📄 PivotX 3.0.0 RC3 Remote Code Execution / Cross Site Scripting

PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN...

7.4AI score0.03835EPSS
Exploits6
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.8 views

PivotX 3.0.0 RC3 安全漏洞

PivotX is a PivotX open source application. A security vulnerability exists in PivotX version 3.0.0 RC3 that originates during page creation and is vulnerable to stored cross-site scripting attacks...

5.4CVSS5.8AI score0.03835EPSS
Exploits6References5
Exploit DB
Exploit DB
added 2025/07/16 12:0 a.m.379 views

PivotX 3.0.0 RC3 - Remote Code Execution (RCE)

Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN Vendor Homepage: https://github.com/pivotx Software Link: https://github.com/pivotx/PivotX Version: 3.0.0 RC3 Tested on: Debian 11, PHP 7.4 CVE : CVE-2025-52367 Vulnerability Type:...

5.4CVSS7.4AI score0.03835EPSS
Exploits6
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.7 views

SUSE CVE-2017-9332

The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...

6.1CVSS6.3AI score0.00632EPSS
Exploits0References3
CNVD
CNVD
added 2017/10/19 12:0 a.m.5 views

PivotX Remote Code Execution Vulnerability

PivotX is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A security vulnerability exists in the lib.php file in PivotX version 2.3.11, which stems from the program failing to properly block the upload ...

7.2CVSS7.4AI score0.01331EPSS
Exploits0References1
OSV
OSV
added 2017/10/02 1:29 a.m.3 views

CVE-2017-14958

lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...

7.2CVSS7.8AI score
Exploits0References1
Prion
Prion
added 2017/10/02 1:29 a.m.17 views

Code injection

lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...

6.5CVSS7.4AI score0.01331EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/10/02 1:29 a.m.13 views

CVE-2017-14958

lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...

7.2CVSS7.4AI score0.01331EPSS
Exploits0References1
CVE
CVE
added 2017/10/01 3:0 p.m.54 views

CVE-2017-14958

PivotX 2.3.11 lib.php fails to block dangerous file types uploaded by admin users, enabling remote PHP code execution via uploading a PHP file. This is documented across multiple sources (NVD/CNVD/OSV) with consistent description of the vulnerability in PivotX. The root cause is improper validati...

7.2CVSS7.3AI score0.01331EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/10/01 3:0 p.m.16 views

CVE-2017-14958

lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...

7.4AI score0.01331EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/08 12:0 a.m.6 views

PivotX 'smarty_self' function cross-site scripting vulnerability

PivotX is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. PivotX 2.3.11 version of the modules/modulesmarty.php file of the 'smartyself' function of the cross-site scripting vulnerability , the...

6.1CVSS6.2AI score0.00632EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/07 12:0 a.m.6 views

PivotX Arbitrary Code Execution Vulnerability

PivotX is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. An arbitrary code execution vulnerability exists in PivotX version 2.3.11. A remote attacker can exploit this vulnerability to execute arbitrary...

8.8CVSS8.3AI score0.0128EPSS
Exploits0References1
OSV
OSV
added 2017/06/06 2:29 p.m.3 views

CVE-2017-9332

The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...

6.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2017/06/06 2:29 p.m.16 views

CVE-2017-9332

The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...

6.1CVSS5.9AI score0.00632EPSS
Exploits0References1
Prion
Prion
added 2017/06/06 2:29 p.m.16 views

Design/Logic Flaw

The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...

4.3CVSS5.9AI score0.00632EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/06/06 2:0 p.m.41 views

CVE-2017-9332

PivotX 2.3.11 is affected by a cross-site scripting vulnerability in the smarty_self function of modules/module_smarty.php, where improper URI handling allows XSS via quotes in the self Smarty tag. The issue is documented across multiple feeds (NVD/CVE-2017-9332, SUSE CVE-2017-9332, CNVD, OSV) wi...

6.1CVSS5.8AI score0.00632EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder