5 matches found
CVE-2014-5451
Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression...
Cross site scripting
Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression...
CVE-2014-5451
CVE-2014-5451 is a reflected XSS in MODX Revolution prior to or equal to 2.3.1-pl, caused by insufficient sanitization of input data passed via the HTTP GET parameter a to the path /manager/. The issue affects MODX Revolution v2.3.1-pl and earlier; exploitation can trick an admin to click a craft...
CVE-2014-2080
Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter...
CVE-2014-2080
CVE-2014-2080 is a Cross-site scripting (XSS) vulnerability in MODX Revolution’s manager/templates/default/header.tpl. It affects MODX Revolution versions before 2.2.11, allowing remote attackers to inject arbitrary web script or HTML via the "a" parameter to the manager interface. The issue aris...