MODx 2.0.2-pl local file-include and cross-site scripting vulnerabilities
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
CVE | CVE-2010-4883 | 7 Oct 2011 10:55 | – | cve |
Tenable Nessus | MODx < 2.0.3-pl modahsh Parameter XSS | 20 Oct 2011 00:00 | – | nessus |
NVD | CVE-2010-4883 | 7 Oct 2011 10:55 | – | nvd |
OpenVAS | MODX Local File Include and Cross Site Scripting Vulnerabilities | 30 Sep 2010 00:00 | – | openvas |
Cvelist | CVE-2010-4883 | 7 Oct 2011 10:00 | – | cvelist |
Prion | Cross site scripting | 7 Oct 2011 10:55 | – | prion |
source: https://www.securityfocus.com/bid/43577/info
MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
MODx 2.0.2-pl is vulnerable; other versions may also be affected.
http://www.example.com/modx/manager/index.php?modahsh=%22%3E%3Cscript%3Ealert(0)%3C/script%3E
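Requests of this shape can be found in web server access logs. The following Python check is an added example, not part of the original advisory: the log lines are constructed, and the rule that a legitimate `modahsh` value is a plain alphanumeric token is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2010:10:00:01 +0000] "GET /modx/manager/index.php?modahsh=9f2c1ab47de0 HTTP/1.1" 200 5120
192.0.2.44 - - [01/Oct/2010:10:00:07 +0000] "GET /modx/manager/index.php?modahsh=%22%3E%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 5177
192.0.2.51 - - [01/Oct/2010:10:00:12 +0000] "GET /modx/index.php?id=3 HTTP/1.1" 200 8841
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate modahsh value is a plain alphanumeric token.
SAFE_VALUE_RE = re.compile(r"[A-Za-z0-9]*")


def suspicious_modahsh(log_text):
    """Return (client, decoded value) for manager requests whose
    modahsh parameter is not a plain alphanumeric token."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/manager/index.php"):
            continue  # only the manager login page is of interest here
        # parse_qs percent-decodes the value once, as the application would.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("modahsh", []):
            if not SAFE_VALUE_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_modahsh(SAMPLE_LOG):
        print(f"{client}\tmodahsh={value!r}")
```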