Security
Introduction
We take any security issue found in our code seriously. Below is a list of past security issues that were discovered and fixed in the current stable release.
Should you find a security issue in the PivotX code, please contact the PivotX security team before publishing it. This way we can prepare a fix and release it together with your announcement. You will also be given credit in our security announcement.
Please note that support requests sent to this address will not be answered; please use the support forum for those.
Issue list
- HTB23087 - cross-site scripting (XSS) vulnerability. Fixed in PivotX 2.3.3. (CVE-2012-2274 is reserved for this issue.)
- SA45416 - TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb.
- CVE-2011-1035 - password reset vulnerability. Fixed in PivotX 2.3.2.
- CVE-2011-0775 - path disclosure weakness. Fixed in PivotX 2.3.2.
- CVE-2011-0774 - path disclosure weakness. Fixed in PivotX 2.3.2.
- CVE-2011-0773 - cross-site scripting (XSS) vulnerability. Fixed in PivotX 2.3.2.
- CVE-2011-0772 - multiple cross-site scripting (XSS) vulnerabilities. Fixed in PivotX 2.3.2.
