156 matches found
EUVD-2025-30753
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
CVE-2025-52367
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
Metasploit Weekly Wrap-Up 08/15/2025
Don’t forget to take the Metasploit User Engagement Survey! We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the en...
📄 PivotX 3.0.0 RC 3 Remote Code Execution
This Metasploit module gains remote code execution in PivotX management system version 3.0.0 RC 3. The PivotX allows admin user to directly edit files on the webserver, including PHP files. The module exploits this by writing a malicious payload into index.php file, gaining remote code execution...
📄 PivotX 3.0.0 RC3 Remote Code Execution / Cross Site Scripting
PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN...
PivotX 3.0.0 RC3 安全漏洞
PivotX is a PivotX open source application. A security vulnerability exists in PivotX version 3.0.0 RC3 that originates during page creation and is vulnerable to stored cross-site scripting attacks...
PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN Vendor Homepage: https://github.com/pivotx Software Link: https://github.com/pivotx/PivotX Version: 3.0.0 RC3 Tested on: Debian 11, PHP 7.4 CVE : CVE-2025-52367 Vulnerability Type:...
SUSE CVE-2017-9332
The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...
PivotX Remote Code Execution Vulnerability
PivotX is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A security vulnerability exists in the lib.php file in PivotX version 2.3.11, which stems from the program failing to properly block the upload ...
CVE-2017-14958
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...
Code injection
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...
CVE-2017-14958
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...
CVE-2017-14958
PivotX 2.3.11 lib.php fails to block dangerous file types uploaded by admin users, enabling remote PHP code execution via uploading a PHP file. This is documented across multiple sources (NVD/CNVD/OSV) with consistent description of the vulnerability in PivotX. The root cause is improper validati...
CVE-2017-14958
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...
PivotX 'smarty_self' function cross-site scripting vulnerability
PivotX is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. PivotX 2.3.11 version of the modules/modulesmarty.php file of the 'smartyself' function of the cross-site scripting vulnerability , the...
PivotX Arbitrary Code Execution Vulnerability
PivotX is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. An arbitrary code execution vulnerability exists in PivotX version 2.3.11. A remote attacker can exploit this vulnerability to execute arbitrary...
CVE-2017-9332
The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...
CVE-2017-9332
The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...
Design/Logic Flaw
The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...
CVE-2017-9332
PivotX 2.3.11 is affected by a cross-site scripting vulnerability in the smarty_self function of modules/module_smarty.php, where improper URI handling allows XSS via quotes in the self Smarty tag. The issue is documented across multiple feeds (NVD/CVE-2017-9332, SUSE CVE-2017-9332, CNVD, OSV) wi...