CVE-2014-0341

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-0341
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.

3.5 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released
http://pivotx.net/page/security Vendor Advisory
http://sourceforge.net/p/pivot-weblog/code/4345/ Exploit Patch
http://sourceforge.net/p/pivot-weblog/code/4349/ Exploit Patch
http://www.kb.cert.org/vuls/id/901156 US Government Resource
http://www.securityfocus.com/bid/66800
http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released
http://pivotx.net/page/security Vendor Advisory
http://sourceforge.net/p/pivot-weblog/code/4345/ Exploit Patch
http://sourceforge.net/p/pivot-weblog/code/4349/ Exploit Patch
http://www.kb.cert.org/vuls/id/901156 US Government Resource
http://www.securityfocus.com/bid/66800
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotx:pivotx:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.0:b1:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.0:b2:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.0:rc:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotx:pivotx:2.3.7:*:*:*:*:*:*:*
History

21 Nov 2024, 02:01

Type Values Removed Values Added
References () http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released - () http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released -
References () http://pivotx.net/page/security - Vendor Advisory () http://pivotx.net/page/security - Vendor Advisory
References () http://sourceforge.net/p/pivot-weblog/code/4345/ - Exploit, Patch () http://sourceforge.net/p/pivot-weblog/code/4345/ - Exploit, Patch
References () http://sourceforge.net/p/pivot-weblog/code/4349/ - Exploit, Patch () http://sourceforge.net/p/pivot-weblog/code/4349/ - Exploit, Patch
References () http://www.kb.cert.org/vuls/id/901156 - US Government Resource () http://www.kb.cert.org/vuls/id/901156 - US Government Resource
References () http://www.securityfocus.com/bid/66800 - () http://www.securityfocus.com/bid/66800 -
Information

Published : 2014-04-15 10:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-0341

Mitre link : CVE-2014-0341

CVE.ORG link : CVE-2014-0341

JSON object : View

Products Affected

pivotx

  • pivotx
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')