Vulnerability Note VU#901156
PivotX 2.3.8 contains multiple vulnerabilities
Original Release date: 11 Apr 2014 | Last revised: 11 Apr 2014

Overview
PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities.

Description
PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities.
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2014-0341
PivotX overview screens were susceptible to cross-site scripting attacks. The following code commits provide the details.
http://sourceforge.net/p/pivot-weblog/code/4349/
http://sourceforge.net/p/pivot-weblog/code/4345/

CWE-434: Unrestricted Upload of File with Dangerous Type – CVE-2014-0342
The file upload check did not include the file extension. The following code commit provides the details.
http://sourceforge.net/p/pivot-weblog/code/4347/

The CVSS score below is for CVE-2014-0342.

Impact
A remote authenticated attacker may be able to inject arbitrary script into a web page or upload a malicious file.

Solution
Apply an Update

PivotX 2.3.9 has been released to address these vulnerabilities.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate UpdatedPivotXAffected-11 Apr 2014If you are a vendor and your product is affected, let
us know.

CVSS Metrics (Learn More)

Group
Score
Vector

Base
8.5
AV:N/AC:L/Au:S/C:C/I:C/A:–

Temporal
8.5
E:ND/RL:ND/RC:ND

Environmental
6.4
CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

http://pivotx.net/page/security
http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released
https://cwe.mitre.org/data/definitions/434.html
https://cwe.mitre.org/data/definitions/79.html

Credit

Thanks to Diego GarcĂ­a for reporting these vulnerabilities.
This document was written by Jared Allar.

Other Information

CVE IDs:
CVE-2014-0341
CVE-2014-0342

Date Public:
05 Mar 2014

Date First Published:
11 Apr 2014

Date Last Updated:
11 Apr 2014

Document Revision:
4

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply