Vulnerabilities > CVE-2006-1820 - Directory Traversal vulnerability in Modxcms 0.9.1

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

modxcms

nessus

exploit available

NVD

Published: 2006-04-18

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Modxcms Modxcms Modxcms 0.9.1	1

Exploit-Db

description	MODxCMS 0.9.1 Index.PHP Cross-Site Scripting Vulnerability. CVE-2006-1820. Webapps exploit for php platform
id	EDB-ID:27648
last seen	2016-02-03
modified	2006-04-14
published	2006-04-14
reporter	Rusydi Hasan
source	https://www.exploit-db.com/download/27648/
title	MODxCMS 0.9.1 Index.PHP Cross-Site Scripting Vulnerability

Nessus

NASL family	CGI abuses
NASL id	MODX_091A.NASL
description	The remote host is running MODx, a content management system written in PHP. The version of MODx installed on the remote host fails to sanitize input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	21235
published	2006-04-17
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21235
title	MODx < 0.9.1a Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References