Lucene search
K

4 matches found

NVD
NVD
added 2014/11/06 6:55 p.m.17 views

CVE-2014-5451

Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression...

4.3CVSS5.5AI score0.01892EPSS
Exploits3References5
CVE
CVE
added 2014/11/06 6:0 p.m.53 views

CVE-2014-5451

CVE-2014-5451 is a reflected XSS in MODX Revolution prior to or equal to 2.3.1-pl, caused by insufficient sanitization of input data passed via the HTTP GET parameter a to the path /manager/. The issue affects MODX Revolution v2.3.1-pl and earlier; exploitation can trick an admin to click a craft...

4.3CVSS5.6AI score0.01892EPSS
Exploits3References5Affected Software1
securityvulns
securityvulns
added 2014/10/14 12:0 a.m.61 views

Reflected Cross-Site Scripting (XSS) in MODX Revolution

Advisory ID: HTB23229 Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.3.1-pl and probably prior Tested Version: 2.3.1-pl Advisory Publication: August 20, 2014 without technical details Vendor Notification: August 20, 2014 Vendor Patch: September 11, 2014 Public Disclosure: September...

4.3CVSS6.3AI score0.01892EPSS
Exploits3
0day.today
0day.today
added 2014/09/18 12:0 a.m.47 views

MODX Revolution 2.3.1-pl Cross Site Scripting Vulnerability

MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability. Vendor: MODX Vulnerable Versions: 2.3.1-pl and probably prior Tested Version: 2.3.1-pl Advisory Publication: August 20, 2014 without technical details Vendor Notification: August 20, 2014 Vendor Patch:...

4.3CVSS6.2AI score0.01892EPSS
Exploits3
Rows per page
Query Builder