Description

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.

Remediation

References

CVE-2014-2080

Related Vulnerabilities

Oracle JRE CVE-2013-2461 Vulnerability (CVE-2013-2461)

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41931)

WordPress Plugin AccessPress Social Icons Cross-Site Scripting (1.6.6)

Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167)

WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3)

Severity

Medium

Classification

CVE-2014-2080 CWE-707

Tags

Missing Update Known Vulnerabilities