diff options
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c90c4f992fb5..8913efe70628 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="0d3547ab-9b69-11e1-bdb1-525401003090"> + <topic>PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability</topic> + <affects> + <package> + <name>pivotx</name> + <range><le>2.3.2</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>High-Tech Bridge reports:</p> + <blockquote cite="https://www.htbridge.com/advisory/HTB23087"> + <p>Input passed via the "file" GET parameter to + /pivotx/ajaxhelper.php is not properly sanitised before + being returned to the user. This can be exploited to + execute arbitrary HTML and script code in administrator's + browser session in context of the affected website.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-2274</cvename> + <bid>52159</bid> + </references> + <dates> + <discovery>2012-05-09</discovery> + <entry>2012-05-12</entry> + </dates> + </vuln> + <vuln vid="b91234e7-9a8b-11e1-b666-001636d274f3"> <topic>NVIDIA UNIX driver -- access to arbitrary system memory</topic> <affects> |