Cross site scripting

2009-01-2211:30:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) “username input.” NOTE: vector 2 may be related to CVE-2008-5939.

CPENameOperatorVersion
modxcmseq0.9.2.1
modxcmseq0.9.0
modxcmseq0.9.6
modxcmseq0.9.1
modxcmsle0.9.6.2
modxcmseq0.9.6.1
modxcmseq0.9.5

Name	Operator	Version
modxcms	eq	0.9.2.1
modxcms	eq	0.9.0
modxcms	eq	0.9.6
modxcms	eq	0.9.1
modxcms	le	0.9.6.2
modxcms	eq	0.9.6.1
modxcms	eq	0.9.5

References

jvn.jp/en/jp/JVN10170564/index.html

jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000003.html

svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt

www.securityfocus.com/bid/33184

exchange.xforce.ibmcloud.com/vulnerabilities/48184