FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
14d846d6-27b3-11e5-a15a-50af736ef1c0	pivotx -- cross-site scripting (XSS) vulnerability pivotx reports: cross-site scripting (XSS) vulnerability in the nickname (and possibly the email) field. Mitigated by the fact that an attacker must have a PivotX account. Discovery 2014-04-15 Entry 2015-07-11 pivotx < 2.3.9 CVE-2014-0341
7313b0e3-27b4-11e5-a15a-50af736ef1c0	pivotx -- Multiple unrestricted file upload vulnerabilities Pivotx reports: Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors. Discovery 2014-04-15 Entry 2015-07-11 pivotx < 2.3.9 CVE-2014-0341
0d3547ab-9b69-11e1-bdb1-525401003090	PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website. Discovery 2012-05-09 Entry 2012-05-12 Modified 2012-05-14 pivotx le 2.3.2 52159 CVE-2012-2274 https://www.htbridge.com/advisory/HTB23087

VuXML ID

Description

14d846d6-27b3-11e5-a15a-50af736ef1c0

pivotx -- cross-site scripting (XSS) vulnerability

pivotx reports:

cross-site scripting (XSS) vulnerability in the nickname (and possibly the email) field. Mitigated by the fact that an attacker must have a PivotX account.

Discovery 2014-04-15
Entry 2015-07-11
pivotx

< 2.3.9

CVE-2014-0341

7313b0e3-27b4-11e5-a15a-50af736ef1c0

pivotx -- Multiple unrestricted file upload vulnerabilities

Pivotx reports:

Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

Discovery 2014-04-15
Entry 2015-07-11
pivotx

< 2.3.9

CVE-2014-0341

0d3547ab-9b69-11e1-bdb1-525401003090

PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability

High-Tech Bridge reports:

Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website.

Discovery 2012-05-09
Entry 2012-05-12
Modified 2012-05-14
pivotx

le 2.3.2

52159
CVE-2012-2274
https://www.htbridge.com/advisory/HTB23087