Description

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

Remediation

References

CVE-2014-8774

Related Vulnerabilities

WordPress Plugin WP Retina 2x Cross-Site Scripting (5.2.0)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Cross-Site Scripting (2.30)

WordPress Plugin ComicPress Manager 'lang' Parameter Cross-Site Scripting (1.4.9.9)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6506)

Joomla! Core 3.4.x Directory Traversal (3.4.0 - 3.4.5)

Severity

Medium

Classification

CVE-2014-8774 CWE-707

Tags

Missing Update Known Vulnerabilities