CVE-2014-2080

Sažetak

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.

Reference

http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss
http://seclists.org/oss-sec/2014/q1/431
http://secunia.com/advisories/57038
http://www.securityfocus.com/bid/65755
https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

30-07-2015 - 14:52

Objavljeno

01-03-2014 - 00:01