ID de Prueba:	1.3.6.1.4.1.25623.1.0.801735
Categoría:	Web application abuses
Título:	PivotX < 2.3.2 Multiple XSS Vulnerabilities
Resumen:	PivotX is prone to multiple cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: PivotX is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaws are due to input passed to the 'color' parameter in 'pivotx/includes/blogroll.php', 'src' parameter in 'pivotx/includes/timwrapper.php' is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: PivotX prior to version 2.3.2. Solution: Update to version 2.3.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0772 BugTraq ID: 45996 http://www.securityfocus.com/bid/45996 Bugtraq: 20110125 HTB22788: XSS in Pivotx (Google Search) http://www.securityfocus.com/archive/1/515958/100/0/threaded Bugtraq: 20110125 HTB22790: XSS in Pivotx (Google Search) http://www.securityfocus.com/archive/1/515964/100/0/threaded http://www.htbridge.ch/advisory/xss_in_pivotx.html http://www.htbridge.ch/advisory/xss_in_pivotx_1.html http://www.osvdb.org/70673 http://www.osvdb.org/70674 http://secunia.com/advisories/43040 http://securityreason.com/securityalert/8062 XForce ISS Database: pivotx-blogroll-xss(64975) https://exchange.xforce.ibmcloud.com/vulnerabilities/64975
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.