Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/64976
http://twitter.com/pivotx/statuses/29889056263376898
http://securityreason.com/securityalert/8063
http://secunia.com/advisories/43045
http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3459