Unrated severityNVD Advisory· Published Apr 15, 2014· Updated May 6, 2026

CVE-2014-0341

Description

Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.

Affected products

Pivotx/Pivotx18 versions
cpe:2.3:a:pivotx:pivotx:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:pivotx:pivotx:*:*:*:*:*:*:*:*range: <=2.3.8
- cpe:2.3:a:pivotx:pivotx:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.0:b1:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.0:b2:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.0:rc:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotx:pivotx:2.3.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceforge.net/p/pivot-weblog/code/4345/nvdExploitPatch
sourceforge.net/p/pivot-weblog/code/4349/nvdExploitPatch
pivotx.net/page/securitynvdVendor Advisory
www.kb.cert.org/vuls/id/901156nvdUS Government Resource
blog.pivotx.net/archive/2014/03/03/pivotx-239-releasednvd
www.securityfocus.com/bid/66800nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000