CVE-2014-8773

MODX Revolution <2.2.15 - CSRF Bypass

Title source: llm

Description

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or (2) supplying a long string in the CSRF token parameter.

Exploits (1)

exploitdb WRITEUP
webapps / php
https://www.exploit-db.com/exploits/35159

Scores

EPSS 0.0022
EPSS Percentile 45.1%

Details

CWE
CWE-352
Status published
Products (29)
modx/modx_revolution 2.0.0
modx/modx_revolution 2.0.1
modx/modx_revolution 2.0.3
modx/modx_revolution 2.0.4
modx/modx_revolution 2.0.5
modx/modx_revolution 2.0.6
modx/modx_revolution 2.0.7
modx/modx_revolution 2.0.8
modx/modx_revolution 2.1.0
modx/modx_revolution 2.1.1
... and 19 more
Published Dec 03, 2014
Tracked Since Feb 18, 2026