PivotX version 2.3.2 and probably prior suffers from cross-site scripting (XSS) vulnerability:
Input passed via the "file" GET parameter to "pivotx/ajaxhelper.php" is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website.
Input passed via the "file" GET parameter to "pivotx/ajaxhelper.php" script is not properly sanitised before being returned to the user.
Vulnerability ID: HTB23087
Vulnerability Type: Cross-Site Scripting (XSS)
Risk level: Medium
Vendor Notification / Patch / Public Disclosure Dates: 18 April / 18 April / 9 May 2012
Solution: Fixed in svn repository. Apply vendor's patch.
No comments:
Post a Comment