Description

Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Remediation

References

CVE-2014-8992

Related Vulnerabilities

GlassFish CVE-2016-5528 Vulnerability (CVE-2016-5528)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.18)

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.4)

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)

WordPress Plugin Redirection for Contact Form 7 Multiple Vulnerabilities (2.3.3)

Severity

Medium

Classification

CVE-2014-8992 CWE-707

Tags

Missing Update Known Vulnerabilities