Description

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.

Remediation

References

CVE-2014-2080

Related Vulnerabilities

WordPress Plugin Nmedia WordPress Member Conversation 'doupload.php' Arbitrary File Upload (1.3)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2687)

MySQL CVE-2019-2502 Vulnerability (CVE-2019-2502)

WordPress Plugin WooCommerce BuddyPress Integration Security Bypass (3.2.5)

WordPress Plugin Community by PeepSo-Social Network, Membership, Registration, User Profiles Multiple Cross-Site Request Forgery Vulnerabilities (6.0.2.0)

Severity

Medium

Classification

CVE-2014-2080 CWE-707

Tags

Missing Update Known Vulnerabilities