Vulnerability Details CVE-2008-5939
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://securityreason.com/securityalert/4940
- http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt
- http://www.securityfocus.com/bid/32436
- http://www.vupen.com/english/advisories/2008/3236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46796
- https://www.exploit-db.com/exploits/7204
- http://securityreason.com/securityalert/4940
- http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt
- http://www.securityfocus.com/bid/32436
- http://www.vupen.com/english/advisories/2008/3236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46796
- https://www.exploit-db.com/exploits/7204
Products affected by CVE-2008-5939
-
cpe:2.3:a:modxcms:modxcms:*
-
cpe:2.3:a:modxcms:modxcms:0.9.0
-
cpe:2.3:a:modxcms:modxcms:0.9.1
-
cpe:2.3:a:modxcms:modxcms:0.9.2.1
-
cpe:2.3:a:modxcms:modxcms:0.9.5
-
cpe:2.3:a:modxcms:modxcms:0.9.6
-
cpe:2.3:a:modxcms:modxcms:0.9.6.1