Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions prior to 2.2.2, allow remote malicious users to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotx pivotx 2.1.1 |
||
pivotx pivotx 2.1.0 |
||
pivotx pivotx 2.2.1 |
||
pivotx pivotx 2.2.0 |
||
pivotx pivotx 2.1.2 |