Description
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or (2) supplying a long string in the CSRF token parameter.