CVE-2008-5939
Published 2009-01-22
Priority P419 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.71% (74.5th percentile)
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modxcms | modxcms | <= 0.9.6.2 | — |
| modxcms | modxcms | — | — |
| modxcms | modxcms | — | — |
| modxcms | modxcms | — | — |
| modxcms | modxcms | — | — |
| modxcms | modxcms | — | — |
| modxcms | modxcms | — | — |
GHSA
GHSA-gpv2-c7mg-22pc: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-17
CVE-2008-5939 [MEDIUM] CWE-79 GHSA-gpv2-c7mg-22pc: Cross-site scripting (XSS) vulnerability in index
GHSA
GHSA-cv97-f4cf-x5hj: Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2008-5942 [MEDIUM] CWE-79 GHSA-cv97-f4cf-x5hj: Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0
Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.
http://securityreason.com/securityalert/4940
http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt
http://www.securityfocus.com/bid/32436
http://www.vupen.com/english/advisories/2008/3236
https://exchange.xforce.ibmcloud.com/vulnerabilities/46796
https://www.exploit-db.com/exploits/7204