NotCVE - vendor:"Modx" product:"Modx Revolution" version:"2.2.14"

Page 3 of 24 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 2

CVE-2014-8773 – MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass / Reflected Cross-Site Scripting / Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-8773

03 Dec 2014 — MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. MODX Revolution 2.x anterior a 2.2.15 permite a atacantes remotos evadir el mecanismo de protección de CSRF mediante la (1) omisión del token CSRF o a través de una (2) cadena larga en el parámetro del token CSRF. • https://www.exploit-db.com/exploits/35159 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 2

CVE-2014-8774 – MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass / Reflected Cross-Site Scripting / Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-8774

03 Dec 2014 — Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. Vulnerabilidad de XSS en manager/index.php en MODX Revolution 2.x anterior a 2.2.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro context_key. • https://www.exploit-db.com/exploits/35159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 6%CPEs: 29EXPL: 2

CVE-2014-8775 – MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass / Reflected Cross-Site Scripting / Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-8775

03 Dec 2014 — MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. MODX Revolution 2.x anterior a 2.2.15 no incluye el indicador HTTPOnly en una cabecera de fijar la cookie en la cookie de la sesión, lo que facilita a atacantes remotos obtener información potencialmente sensible a través del acceso de secuencias de comandos a esta cookie. • https://www.exploit-db.com/exploits/35159 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 5

CVE-2014-5451 – MODX Revolution 2.3.1-pl Cross Site Scripting

https://notcve.org/view.php?id=CVE-2014-5451

17 Sep 2014 — Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression. Vulnerabilidad de XSS en manager/templates/default/header.tpl en MODX Revolution 2.3.1-pl y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro 'a' en manager/. NOTA... • https://packetstorm.news/files/id/128302 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3