4 matches found
CVE-2014-5451
Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression...
CVE-2014-5451
CVE-2014-5451 is a reflected XSS in MODX Revolution prior to or equal to 2.3.1-pl, caused by insufficient sanitization of input data passed via the HTTP GET parameter a to the path /manager/. The issue affects MODX Revolution v2.3.1-pl and earlier; exploitation can trick an admin to click a craft...
Reflected Cross-Site Scripting (XSS) in MODX Revolution
Advisory ID: HTB23229 Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.3.1-pl and probably prior Tested Version: 2.3.1-pl Advisory Publication: August 20, 2014 without technical details Vendor Notification: August 20, 2014 Vendor Patch: September 11, 2014 Public Disclosure: September...
MODX Revolution 2.3.1-pl Cross Site Scripting Vulnerability
MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability. Vendor: MODX Vulnerable Versions: 2.3.1-pl and probably prior Tested Version: 2.3.1-pl Advisory Publication: August 20, 2014 without technical details Vendor Notification: August 20, 2014 Vendor Patch:...