FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability

Affected packages
pivotx <= 2.3.2


VuXML ID 0d3547ab-9b69-11e1-bdb1-525401003090
Discovery 2012-05-09
Entry 2012-05-12
Modified 2012-05-14

High-Tech Bridge reports:

Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website.


Bugtraq ID 52159
CVE Name CVE-2012-2274