Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.
References 5 Total
- securityfocus.com: 65755 vdb-entry
- secunia.com: 57038 third-party-advisory
- https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea
- http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss
- seclists.org: [oss-security] 20140224 Re: CVE request: XSS in MODX Revolution before 2.2.11 mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- securityfocus.com: 65755 vdb-entryx_transferred
- secunia.com: 57038 third-party-advisoryx_transferred
- https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea x_transferred
- http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss x_transferred
- seclists.org: [oss-security] 20140224 Re: CVE request: XSS in MODX Revolution before 2.2.11 mailing-listx_transferred