Skip to main content

Modx Revolution CVE-2018-10382

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-06-01 cve@mitre.org
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 01, 2018 - 17:29 nvd
MEDIUM 5.4

DescriptionNVD

MODX Revolution 2.6.3 has XSS.

AnalysisAI

MODX Revolution 2.6.3 has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Affected products include: Modx Modx Revolution.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-7324 CRITICAL POC
9.8 Mar 30

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP co

CVE-2017-7321 CRITICAL POC
9.8 Mar 30

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP c

CVE-2017-9069 HIGH POC
8.8 May 18

In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a fi

CVE-2017-7323 HIGH POC
8.1 Mar 30

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by

CVE-2017-7322 HIGH POC
8.1 Mar 30

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certifi

CVE-2019-1010123 HIGH POC
7.5 Jul 23

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high sever

CVE-2018-1000208 HIGH POC
7.5 Jul 13

MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class

CVE-2014-8775 MEDIUM POC
5.0 Dec 03

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, whic

CVE-2018-1000207 HIGH POC
7.2 Jul 13

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before pa

CVE-2017-9067 HIGH POC
7.0 May 18

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on t

CVE-2014-8773 MEDIUM POC
6.8 Dec 03

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mec

CVE-2017-7320 MEDIUM POC
6.1 Mar 30

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language paramete

Share

CVE-2018-10382 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy