FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability

Affected packages
pivotx <= 2.3.2

Details

VuXML ID 0d3547ab-9b69-11e1-bdb1-525401003090
Discovery 2012-05-09
Entry 2012-05-12
Modified 2012-05-14

High-Tech Bridge reports:

Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in the context of the affected website.

References

Bugtraq ID 52159
CVE Name CVE-2012-2274
URL https://www.htbridge.com/advisory/HTB23087