Modx Revolution Security Vulnerabilities and Issues — Modx Revolution CVE List

Lucene search

ModxModx Revolution

4 matches found

CVE•added 2014/12/03 6:59 p.m.•45 views

CVE-2014-8773

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

6.8CVSS7.1AI score0.00361EPSS

CVE•added 2014/12/03 6:59 p.m.•43 views

CVE-2014-8774

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

4.3CVSS5.9AI score0.00453EPSS

CVE•added 2014/12/22 7:59 p.m.•35 views

CVE-2014-8992

Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

4.3CVSS5.9AI score0.00225EPSS

CVE•added 2014/12/03 6:59 p.m.•33 views

CVE-2014-8775

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5CVSS6.3AI score0.05972EPSS