Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.
References 5 Total
- jvndb.jvn.jp: JVNDB-2009-000003 third-party-advisory
- exchange.xforce.ibmcloud.com: modx-preserveurls-xss(48184) vdb-entry
- jvn.jp: JVN#10170564 third-party-advisory
- http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt
- securityfocus.com: 33184 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- jvndb.jvn.jp: JVNDB-2009-000003 third-party-advisoryx_transferred
- exchange.xforce.ibmcloud.com: modx-preserveurls-xss(48184) vdb-entryx_transferred
- jvn.jp: JVN#10170564 third-party-advisoryx_transferred
- http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt x_transferred
- securityfocus.com: 33184 vdb-entryx_transferred