Published: 03/12/2014 Updated: 22/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
modx modx revolution 2.1.2
modx modx revolution 2.1.3
modx modx revolution 2.1.4
modx modx revolution 2.1.5
modx modx revolution 2.2.8
modx modx revolution 2.2.9
modx modx revolution 2.0.0
modx modx revolution 2.0.7
modx modx revolution 2.1.0
modx modx revolution 2.2.1
modx modx revolution 2.2.11
modx modx revolution 2.2.5
modx modx revolution 2.2.7
modx modx revolution 2.0.1
modx modx revolution 2.0.8
modx modx revolution 2.1.1
modx modx revolution 2.2.0
modx modx revolution 2.2.10
modx modx revolution 2.2.4
modx modx revolution 2.2.6
modx modx revolution 2.0.3
modx modx revolution 2.0.4
modx modx revolution 2.0.5
modx modx revolution 2.0.6
modx modx revolution 2.2.12
modx modx revolution 2.2.13
modx modx revolution 2.2.14
modx modx revolution 2.2.2
modx modx revolution 2.2.3

Advisory ID: 92152 Product: MODX Revolution Vendor: MODX Vulnerable Version(s): 2002214 Tested Version: 2214 Advisory Publication: 16 July, 2014 [without technical details] Vendor Notification: 16 July, 2014 Vendor Patch: 15 July, 2014 Public Disclosure: 2 November , 2014 Vulnerability Type: CSRF Tokens Bypass + Reflected Cross Site S ...

CWE-352 http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior http://hacktivity.websecgeeks.com/modx-csrf-and-xss/https://nvd.nist.gov https://www.exploit-db.com/exploits/35159/

CVE-2014-8773

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect