Vulnerability Note VU#901156
PivotX 2.3.8 contains multiple vulnerabilities
PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-0341
A remote authenticated attacker may be able to inject arbitrary script into a web page or upload a malicious file.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|PivotX||Affected||-||11 Apr 2014|
CVSS Metrics (Learn More)
Thanks to Diego García for reporting these vulnerabilities.
This document was written by Jared Allar.
- CVE IDs: CVE-2014-0341 CVE-2014-0342
- Date Public: 05 Mar 2014
- Date First Published: 11 Apr 2014
- Date Last Updated: 24 Jul 2014
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.