Summary
This host is running MODx CMS and is prone to cross site scripting vulnerability
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML or script code, steal cookie-based authentication credentials and launch other attacks.
Impact Level: Application
Solution
Upgrade to MODx version 2.3.0 or later.
For updates refer to http://modx.com
Insight
Flaw exists due to improper sanitization of url, when accessing 'findcore.php' and 'xpdo.class.php' scripts.
Affected
MODx version 2.2.10, Other versions may also be affected.
Detection
Send a crafted exploit string via HTTP GET request and check whether it is able to read the cookie or not.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Allaire JRun directory browsing vulnerability