CVE-2008-7242

Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/41232
http://secunia.com/advisories/28840	Vendor Advisory
http://www.securityfocus.com/archive/1/487696/100/200/threaded
http://www.securityfocus.com/bid/27672	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/40375

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:modxcms:modxcms:0.9.6.1:::::::*
	cpe:2.3:a:modxcms:modxcms:0.9.6.1:p1::::::

History

No history.

Information

Published : 2009-09-17 18:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-7242

Mitre link : CVE-2008-7242

CVE.ORG link : CVE-2008-7242

JSON object : View

Products Affected

modxcms

modxcms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-7242", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-09-17T18:30:00.250", "references": [{"url": "http://osvdb.org/41232", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28840", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/487696/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27672", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40375", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) \"a,\" (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en MODx CMS v0.9.6.1 y v0.9.6.1p1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) \"search\", (2) \"a,\" (3) \"messagesubject\" y (4) \"messagebody\" a determinadas p\u00e1ginas accesibles desde el manager/index.php; los par\u00e1metros (5) \"highlight\", (6) \"id\", (7) \"email\", (8) \"name\" y (9) \"parent\" al index.php; y los par\u00e1metros (10) \"docgrp\" y (11) \"moreResultsPage\" a index-ajax.php."}], "lastModified": "2018-10-11T20:58:35.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E9E1F5D-2B90-454A-BDA8-5D3B2683078F"}, {"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.6.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3707754B-A6F7-49E4-8426-ED0D2437D2C6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}