Vulnerabilities > Modx > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-03 | CVE-2014-8774 | Cross-Site Scripting vulnerability in Modx Revolution Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. | 4.3 |
| 2014-12-03 | CVE-2014-8773 | Cross-Site Request Forgery (CSRF) vulnerability in Modx Revolution MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. | 6.8 |
| 2014-11-06 | CVE-2014-5451 | Cross-Site Scripting vulnerability in Modx Revolution Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. | 4.3 |
| 2014-03-01 | CVE-2014-2080 | Cross-Site Scripting vulnerability in Modx Revolution Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter. | 4.3 |