CVE-2008-7242

Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.

Published: Sep 17, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-7242
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
modxcms / modxcms	0.9.6.1-p1	0.9.6.1-p1.x
modxcms / modxcms	0.9.6.1	0.9.6.1.x

http://osvdb.org/41232
http://secunia.com/advisories/28840
http://www.securityfocus.com/archive/1/487696/100/200/threaded
http://www.securityfocus.com/bid/27672
https://exchange.xforce.ibmcloud.com/vulnerabilities/40375

Vulnerability Database

CVE-2008-7242