We've released a new maintenance update for PivotX. This release also fixes a few minor security-issues, so it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues .
These are the changes since PivotX 2.3.10:
Now calling htmlspecialchars with ENT_QUOTES.
Escaping some user controlled variables.
Escape usage of PHP_SELF in form action.
Bug- / security-fix in getPivotxURL().
Read more »