NVD

Id
26608  
Name
CVE-2015-5456  
Description
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-07-08  
Modified Date
2015-08-11  
Seq
2015-5456  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
140769 26608 CVE-2015-5456 http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released  View
140770 26608 CVE-2015-5456 http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html  View
140771 26608 CVE-2015-5456 http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/  View
140772 26608 CVE-2015-5456 http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456  View
140773 26608 CVE-2015-5456 20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10  View
140774 26608 CVE-2015-5456 75577  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
8209 JVNDB-2015-003529 PivotX の modules/formclass.php の form メソッドにおけるクロスサイトスクリプティングの脆弱性 PivotX の modules/formclass.php の form メソッドには、"PHP_SELF" 変数および form アクションに関する不備があるため、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2015-5456 82681 CVE-2015-5456 26608 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003529.html 2015-06-21 2015-07-13 View