CVE-2014-8773

MODX Revolution <2.2.15 - CSRF Bypass

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8773.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in MODX Revolution, including CSRF token bypass, reflected XSS via the 'context_key' parameter, and stored XSS via the 'context' parameter. It provides technical details on exploitation methods and affected URLs.

Description

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

Exploits (1)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/35159

Classification: Writeup 95%
Attack Type: XSS | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: MODX Revolution 2.0.0-2.2.14
No auth needed
Prerequisites: Victim interaction required for XSS exploitation · CSRF attack requires tricking an authenticated user
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS: 0.0113
EPSS Percentile: 62.2%

Details

CWE: CWE-352
Status: published
Products (29)
modx/modx_revolution 2.0.0
modx/modx_revolution 2.0.1
modx/modx_revolution 2.0.3
modx/modx_revolution 2.0.4
modx/modx_revolution 2.0.5
modx/modx_revolution 2.0.6
modx/modx_revolution 2.0.7
modx/modx_revolution 2.0.8
modx/modx_revolution 2.1.0
modx/modx_revolution 2.1.1
... and 19 more
Published: Dec 03, 2014
Tracked Since: Feb 18, 2026