CVE Vulnerability

CVE-2008-7242

Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://osvdb.org/41232
http://www.securityfocus.com/bid/27672 Exploit
http://secunia.com/advisories/28840 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/40375
http://www.securityfocus.com/archive/1/487696/100/200/threaded
Configurations

Configuration 1

cpe:2.3:a:modxcms:modxcms:0.9.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:modxcms:modxcms:0.9.6.1:*:*:*:*:*:*:*
Information

Published : 2009-09-17 06:30

Updated : 2018-10-11 08:58

NVD link : CVE-2008-7242

Mitre link : CVE-2008-7242

Products Affected

Modxcms

CWE
CWE-79