Description

Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Remediation

References

CVE-2014-8992

Related Vulnerabilities

WordPress Plugin Collapse-O-Matic Cross-Site Scripting (1.6.8)

Moodle Improper Input Validation Vulnerability (CVE-2019-3847)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1499)

WordPress Plugin RestroPress-Online Food Ordering System Cross-Site Request Forgery (2.8.2)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)

Severity

Medium

Classification

CVE-2014-8992 CWE-707

Tags

Missing Update Known Vulnerabilities