CVE-2014-2080
published 2014-03-01CVE-2014-2080: Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.90%
77.1th percentile
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modx | modx_revolution | <= 2.2.10 | — |
| modx | modx_revolution | <= 2.3.1 | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
| modx | modx_revolution | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jv4m-wpwv-6vxg: Cross-site scripting (XSS) vulnerability in manager/templates/default/header
ghsa_unreviewed·2022-05-17
CVE-2014-2080 [MEDIUM] CWE-79 GHSA-jv4m-wpwv-6vxg: Cross-site scripting (XSS) vulnerability in manager/templates/default/header
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.
GHSA
GHSA-6gcw-2jwm-f6f4: Cross-site scripting (XSS) vulnerability in manager/templates/default/header
ghsa_unreviewed·2022-05-14·CVSS 4.3
CVE-2014-5451 [MEDIUM] CWE-79 GHSA-6gcw-2jwm-f6f4: Cross-site scripting (XSS) vulnerability in manager/templates/default/header
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-losshttp://seclists.org/oss-sec/2014/q1/431http://secunia.com/advisories/57038http://www.securityfocus.com/bid/65755https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558eahttp://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-losshttp://seclists.org/oss-sec/2014/q1/431http://secunia.com/advisories/57038http://www.securityfocus.com/bid/65755https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea
2014-03-01
Published