Vulnerabilities > Pivotx

DATE CVE VULNERABILITY TITLE RISK
2011-02-19 CVE-2011-1035 Credentials Management vulnerability in Pivotx
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
network
low complexity
pivotx CWE-255
7.5
2011-02-04 CVE-2011-0775 Information Exposure vulnerability in Pivotx 2.2.2
pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message.
network
low complexity
pivotx CWE-200
5.0
2011-02-04 CVE-2011-0774 Information Exposure vulnerability in Pivotx 2.2.2
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.
network
low complexity
pivotx CWE-200
5.0
2011-02-04 CVE-2011-0773 Cross-Site Scripting vulnerability in Pivotx
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
network
pivotx CWE-79
4.3
2011-02-04 CVE-2011-0772 Cross-Site Scripting vulnerability in Pivotx
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
network
pivotx CWE-79
4.3