CVE-2014-8774

MODX Revolution <2.2.15 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/35159

View Code ZIP pw:eip

References (2)

[Various Sources] http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior

[Exploit] http://hacktivity.websecgeeks.com/modx-csrf-and-xss/

Scores

EPSS 0.0089

EPSS Percentile 75.5%

Details

CWE

CWE-79

Status published

Products (29)

modx/modx_revolution 2.0.0

modx/modx_revolution 2.0.1

modx/modx_revolution 2.0.3

modx/modx_revolution 2.0.4

modx/modx_revolution 2.0.5

modx/modx_revolution 2.0.6

modx/modx_revolution 2.0.7

modx/modx_revolution 2.0.8

modx/modx_revolution 2.1.0

modx/modx_revolution 2.1.1

... and 19 more

Published Dec 03, 2014

Tracked Since Feb 18, 2026