JVNDB-2009-000003

[Japanese]
JVNDB-2009-000003
MODx cross-site scripting vulnerability
Overview
MODx, an open source contents management system, contains a cross-site scripting vulnerability. MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
Base Metrics: 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products
MODx MODx 0.9.6.2 and earlier
Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the Software] Apply the latest update provided by the developer.
Vendor Information
MODx MODx : MODx CMS and PHP Application Framework MODx : Get MODx Here - Latest Stable Release MODx : ChangeLog
References
JVN : JVN#10170564 National Vulnerability Database (NVD) : CVE-2008-5942 Common Vulnerabilities and Exposures (CVE) : CVE-2008-5942 Common Weakness Enumeration (CWE) : Cross-site scripting (CWE-79) [IPA Evaluation] JVN iPedia (Japanese) : JVNDB-2009-000003
Revision History
[2009/01/09] Web page published

Date Public	2009/01/09
Date First Published	2009/01/09
Date Last Updated	2009/01/09

MODx cross-site scripting vulnerability