Modx Revolution@2.2.13 Security Vulnerabilities and Issues — Modx Revolution@2.2.13 CVE List

Lucene search

ModxModx Revolution2.2.13

3 matches found

CVE•added 2014/12/03 6:59 p.m.•45 views

CVE-2014-8773

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

6.8CVSS7.1AI score0.00361EPSS

CVE•added 2014/12/03 6:59 p.m.•43 views

CVE-2014-8774

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

4.3CVSS5.9AI score0.00453EPSS

CVE•added 2014/12/03 6:59 p.m.•33 views

CVE-2014-8775

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5CVSS6.3AI score0.05972EPSS