CVE-2012-2274 Information

Description

Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Reference

http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145 http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147 http://pivotx.net/page/security http://www.securityfocus.com/bid/53434 https://www.htbridge.com/advisory/HTB23087