MODx CMS Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running MODx CMS and is prone to cross site scripting vulnerability

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML or script code, steal cookie-based authentication credentials and launch other attacks. Impact Level: Application

Solution

Upgrade to MODx version 2.3.0 or later. For updates refer to http://modx.com

Insight

Flaw exists due to improper sanitization of url, when accessing 'findcore.php' and 'xpdo.class.php' scripts.

Affected

MODx version 2.2.10, Other versions may also be affected.

Detection

Send a crafted exploit string via HTTP GET request and check whether it is able to read the cookie or not.

References

http://osvdb.org/98834
http://seclists.org/bugtraq/2013/Oct/108
http://xforce.iss.net/xforce/xfdb/88208

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Allaire JRun directory browsing vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities

Take action and discover your vulnerabilities