Date: Mon, 24 Feb 2014 12:52:51 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: XSS in MODX Revolution before 2.2.11

Hi,

Can I get a CVE for this issue?

MODX Revolution 2.2.11 release announcement:
http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss/
says
"Prevent XSS on actionVar in header.tpl in the Manager"

This is the git commit:
https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea

I haven't found any other public sources / advisories for the XSS, so I
assume it was detected by the MODX devs themselves.


cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
