CVE-2011-0772
Published Feb 4, 2011
Last updated 6 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3990C45-2F1A-4E97-80CD-1BF07A6DEE84"
},
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "847926C5-EC16-420B-993F-D0C6991DD0AD"
},
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "101512B3-9573-45F0-8E23-ECCFBC7BC981"
},
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEB36519-001A-446F-B680-2DCBF4A7C4F8"
},
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:b1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D09514E0-221A-4A8C-BE34-CCCEDFBE54C4"
},
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:b2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A43A812E-D866-45AB-92DF-A5617279FC10"
},
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.2.0:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "179DBEB0-22A0-46EA-9E48-BC3A79C1E37A"
},
{
"criteria": "cpe:2.3:a:pivotx:pivotx:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FF74C6E-E55E-4C01-B4C9-6BB60D57E889"
}
],
"operator": "OR"
}
]
}
]