Description

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

Remediation

References

CVE-2014-8774

Related Vulnerabilities

MediaWiki Improper Input Validation Vulnerability (CVE-2011-1580)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9691)

Oracle HTTP Server Improper Initialization Vulnerability (CVE-2022-22719)

WordPress Plugin JS Job Manager Unspecified Vulnerability (1.0.9)

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2022-42128)

Severity

Medium

Classification

CVE-2014-8774 CWE-707

Tags

Missing Update Known Vulnerabilities