CVE-2008-5942

MODx <0.9.6.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.

References (5)

[Third Party Advisory] http://jvn.jp/en/jp/JVN10170564/index.html

[Third Party Advisory] http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000003.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33184

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48184

[Release Notes] http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt

Scores

EPSS 0.0033

EPSS Percentile 55.5%

Classification

CWE

CWE-79

Status published

Affected Products (8)

modxcms/modxcms < 0.9.6.2

modxcms/modxcms

modxcms/modxcms

modxcms/modxcms

modxcms/modxcms

modxcms/modxcms

modxcms/modxcms

n/a/n/a

Timeline

Published Jan 22, 2009

Tracked Since Feb 18, 2026