CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-2311
https://notcve.org/view.php?id=CVE-2014-2311
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en modx.class.php en MODX Revolution 2.0.0 anterior a 2.2.13 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection http://modx.com/blog/2014/03/07/revolution-2.2.13 http://www.openwall.com/lists/oss-security/2014/03/09/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 1CVE-2014-2080
https://notcve.org/view.php?id=CVE-2014-2080
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter. Vulnerabilidad de XSS en manager/templates/default/header.tpl en ModX Revolution en versiones anteriores a 2.2.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro "a". • http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss http://seclists.org/oss-sec/2014/q1/431 http://secunia.com/advisories/57038 http://www.securityfocus.com/bid/65755 https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •