Lucene search

[email protected]CVE-2008-7243

HistorySep 17, 2009 - 6:30 p.m.

CVE-2008-7243

2009-09-1718:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2008-7243

csrf

modx cms 0.9.6.1

security vulnerability

cross-site request forgery

nvd

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.2%

JSON

Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941.

Affected configurations

NVD

Node

modxcmsmodxcmsMatch0.9.6.1

modxcmsmodxcmsMatch0.9.6.1p1

CPENameOperatorVersion
modxcms:modxcmsmodxcmseq0.9.6.1

CPE	Name	Operator	Version
modxcms:modxcms	modxcms	eq	0.9.6.1

References

secunia.com/advisories/28840

www.securityfocus.com/archive/1/487696/100/200/threaded

www.securityfocus.com/bid/27672

exchange.xforce.ibmcloud.com/vulnerabilities/40378

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2008-7243

prion2 nvd2 cvelist2 jvn1 cve1