Description

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.

Remediation

References

CVE-2014-2080

Related Vulnerabilities

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.2)

WordPress Plugin WPhone Cross-Site Scripting (1.5.2)

Squid Other Vulnerability (CVE-2010-2951)

ZenCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0697)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.17)

Severity

Medium

Classification

CVE-2014-2080 CWE-707

Tags

Missing Update Known Vulnerabilities