2 matches found
CVE-2015-6588
Cross-site scripting XSS vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING...
CVE-2015-6588
CVE-2015-6588 affects MODX Revolution with an XSS in login-fsp.html (pre-1.9.1). The underlying issue is that the QUERY_STRING is not properly sanitized, allowing remote attackers to inject arbitrary script/HTML. Practical impact is user interaction is not required, but the attack occurs via craf...