Known Vulnerabilities for products from Pivotx
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Pivotx".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2017-14958 json | lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code... | 7.2 - HIGH | 2017-10-02 | 2017-10-06 |
| CVE-2017-9332 json | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving... | Not Provided | 2017-06-06 | 2025-04-20 |
| CVE-2017-8402 json | PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess ... | Not Provided | 2017-05-31 | 2025-04-20 |
| CVE-2017-7570 json | PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe fi... | Not Provided | 2017-04-07 | 2025-04-20 |
| CVE-2015-5458 json | Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via t... | Not Provided | 2015-07-08 | 2026-05-06 |
| CVE-2015-5457 json | PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows rem... | Not Provided | 2015-07-08 | 2026-05-06 |
| CVE-2015-5456 json | Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote at... | Not Provided | 2015-07-08 | 2026-05-06 |
| CVE-2014-0342 json | Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users t... | Not Provided | 2014-04-15 | 2026-05-06 |
| CVE-2014-0341 json | Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitra... | Not Provided | 2014-04-15 | 2026-05-06 |
| CVE-2012-2274 json | Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inje... | Not Provided | 2012-08-13 | 2026-04-29 |
| CVE-2011-1035 json | The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified ... | Not Provided | 2011-02-19 | 2026-04-29 |
| CVE-2011-0775 json | pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent fi... | Not Provided | 2011-02-04 | 2026-04-29 |
| CVE-2011-0774 json | PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and... | Not Provided | 2011-02-04 | 2026-04-29 |
| CVE-2011-0773 json | Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to... | Not Provided | 2011-02-04 | 2026-04-29 |
| CVE-2011-0772 json | Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote a... | Not Provided | 2011-02-04 | 2026-04-29 |
Known software with vulnerabilities from Pivotx
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pivotx | Pivotx | 2.1.0 |