CVE-2008-5939

2009-01-2211:00:00

mitre

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.

References

securityreason.com/securityalert/4940

svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt

www.securityfocus.com/bid/32436

www.vupen.com/english/advisories/2008/3236

exchange.xforce.ibmcloud.com/vulnerabilities/46796

www.exploit-db.com/exploits/7204