CVE-2006-1820
published 2006-04-18
Priority P422 · medium · 5.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 2.09% (79.3th percentile)
Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modxcms | modxcms | — | — |
No detection rules found.
Exploit-DB
netPanzer 0.8 rev 952 - 'frameNum' Server Terminiation
exploitdb · 2006-05-23 · CVE-2006-2575
---
# netPanzer 0.8 rev 952 (frameNum) Server Terminiation Exploit
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1820.zip (05232006-panza.zip)
# milw0rm.com [2006-05-23]
Exploit-DB
MODx CMS 0.9.1 - 'index.php' Cross-Site Scripting
exploitdb · 2006-04-14 · CVE-2006-1820
---
source: https://www.securityfocus.com/bid/17532/info
MODxCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/[modx_dir]/index.php?id=[parameter][XSS_here]
No writeups or analysis indexed.
http://secunia.com/advisories/19645
http://securitytracker.com/id?1015940
http://www.securityfocus.com/archive/1/431010/100/0/threaded
http://www.securityfocus.com/bid/17533
http://www.vupen.com/english/advisories/2006/1383
https://exchange.xforce.ibmcloud.com/vulnerabilities/25894
Published: 2006-04-18