Published: 06/11/2014 Updated: 09/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and previous versions allows remote malicious users to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression.

Affected Products

Vendor Product Versions
ModxModx Revolution2.3.1

Mailing Lists

MODX Revolution version 231-pl suffers from a reflective cross site scripting vulnerability ...