Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
http://www.securityfocus.com/bid/53434
http://pivotx.net/page/security
http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147
http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145