PT-2017-18848 · Pivotx · Pivotx
Hansfn
Published 2017-06-06 · Updated 2017-06-14
CVE-2017-9332
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PivotX version 2.3.11
Description
The smarty self function in PivotX mishandles the URI, which allows cross-site scripting (XSS) via vectors involving quotes in the self Smarty tag.
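As an added illustration, not PivotX's own code: a hypothetical PHP helper in the spirit of a Smarty self function that places the request URI inside a link attribute, first unescaped and then escaped for attribute context with htmlspecialchars, plus a small check that the attribute structure survives intact. The function names and the sample URI are constructed for this example.

```php
<?php
// Added example (not PivotX's code): a hypothetical helper in the spirit of a
// Smarty {self} function that emits the current request URI inside an HTML
// attribute. The vulnerable variant passes the URI through untouched; the
// hardened variant escapes it for attribute context before output.

// Vulnerable: the raw URI goes straight into a quoted attribute, so a quote
// character inside the URI terminates the attribute early.
function self_link_vulnerable(string $requestUri): string
{
    return '<a href="' . $requestUri . '">this page</a>';
}

// Hardened: escape for HTML attribute context. ENT_QUOTES converts both
// single and double quotes; ENT_SUBSTITUTE avoids returning an empty string
// on invalid UTF-8; the explicit charset keeps behaviour independent of
// php.ini defaults.
function self_link_hardened(string $requestUri): string
{
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '">this page</a>';
}

// Defensive check usable in a unit test: the href value must contain no raw
// quote or angle bracket, and the element must still hold exactly the two
// quotes that delimit the attribute.
function attribute_is_intact(string $html): bool
{
    if (!preg_match('/href="([^"]*)"/', $html, $m)) {
        return false;
    }
    $value = $m[1];
    return !preg_match('/[<>\'"]/', $value)
        && substr_count($html, '"') === 2;
}

// Constructed sample URI (not from a real request) containing a double quote
// and a single quote, the characters the advisory singles out.
$sample = '/pivotx/?page=1"\'x';

$unsafe = self_link_vulnerable($sample);
$safe   = self_link_hardened($sample);

// The unescaped variant fails the check; the escaped variant passes it.
var_dump(attribute_is_intact($unsafe));
var_dump(attribute_is_intact($safe));
```

The page's own recommendation (disabling the function) is a workaround; output escaping in the context where the URI is rendered is the general fix for this weakness class.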
Recommendations
For PivotX version 2.3.11, consider disabling the smarty self function in modules/module smarty.php as a temporary workaround until a patch is available. Restrict access to the self Smarty tag to minimize the risk of exploitation.
Fix
XSS
Affected Products
Pivotx