We take any security issue found in our code seriously. Below is a list of past security issues that were discovered and fixed in the current stable release.
Should you find a security issue in the PivotX code, please contact the PivotX security team before publishing it. This way we can prepare a fix and release it together with your announcement. You will also be given credit in our security announcement.
Please note that support requests sent to this address will not be answered; use the support forum instead.
- CVE-2012-2274 - cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php allowed remote attackers to inject arbitrary web script or HTML via the file parameter. Fixed in PivotX 2.3.3.
- SA45416 - TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb.
- CVE-2011-1035 - password reset vulnerability. Fixed in PivotX 2.3.2.
- CVE-2011-0775 - path disclosure weakness. Fixed in PivotX 2.3.2.
- CVE-2011-0774 - path disclosure weakness. Fixed in PivotX 2.3.2.
- CVE-2011-0773 - cross-site scripting (XSS) vulnerability. Fixed in PivotX 2.3.2.
- CVE-2011-0772 - multiple cross-site scripting (XSS) vulnerabilities. Fixed in PivotX 2.3.2.
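The two vulnerability classes above (reflected XSS through a request parameter such as `file`, and a remote-host "domain name bypass" of the TimThumb kind) are illustrated below. This is an added example written for this page; it is not PivotX's `ajaxhelper.php`, not TimThumb's code, and the function names, the allowed-domain list and the probe URL are assumptions. The weak host check assumes the common substring-matching mistake; whether TimThumb's check looked exactly like this is not stated on this page.

```php
<?php
// Illustrative PHP added to this page. Not PivotX or TimThumb code; all
// function names and sample inputs below are hypothetical.

// Reflected XSS: the untrusted 'file' parameter is written straight into HTML,
// so a value such as '<script>alert(1)</script>' runs in the visitor's browser.
function render_file_name_vulnerable(array $query): string
{
    $file = $query['file'] ?? '';
    return "<p>File: $file</p>";
}

// Hardened: encode for the HTML body context. ENT_QUOTES also encodes single
// quotes, so the value is safe inside quoted attributes; ENT_SUBSTITUTE stops
// invalid UTF-8 from turning the whole string into an empty one.
function render_file_name_safe(array $query): string
{
    $file = $query['file'] ?? '';
    $escaped = htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>File: $escaped</p>";
}

// Weak remote-host check (assumed pattern behind "domain name bypass"):
// a substring test accepts any URL that merely CONTAINS an allowed name,
// so 'https://flickr.com.evil.example/img.php' is treated as flickr.com.
function host_allowed_weak(string $url, array $allowed): bool
{
    foreach ($allowed as $domain) {
        if (strpos($url, $domain) !== false) {
            return true;
        }
    }
    return false;
}

// Strict check: parse the URL, require http(s), then compare the host exactly
// or as a true subdomain (dot-separated suffix), case-insensitively.
function host_allowed_strict(string $url, array $allowed): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['host'], $parts['scheme'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower($parts['host']);
    foreach ($allowed as $domain) {
        $domain = strtolower($domain);
        $suffix = '.' . $domain;
        if ($host === $domain
            || (strlen($host) > strlen($suffix) && substr($host, -strlen($suffix)) === $suffix)) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs (hypothetical allowlist and attacker-controlled URL).
$allowed = ['flickr.com', 'blogger.com'];
$probe   = 'https://flickr.com.evil.example/img.php';

var_dump(host_allowed_weak($probe, $allowed));
var_dump(host_allowed_strict($probe, $allowed));
var_dump(host_allowed_strict('https://farm1.static.flickr.com/1/2.jpg', $allowed));
echo render_file_name_safe(['file' => '<script>alert(1)</script>']), PHP_EOL;
```

Run with `php example.php`. Note that `render_file_name_safe` is only correct for the HTML body and quoted-attribute contexts; a value placed inside a `<script>` block or a URL needs a different encoder, which is why the fix for an XSS like CVE-2012-2274 has to match the exact place the parameter is echoed.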