oss-sec mailing list archives

Re: CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX

From: Karthik Rangarajan <rangarajan.karthik () gmail com>
Date: Wed, 12 Nov 2014 14:29:07 -0800

Bump - can a CVE be assigned to the remote code execution
vulnerability as well as the multiple XSS vulnerabilities in MODX?

On Sun, Nov 9, 2014 at 3:37 PM, Karthik Rangarajan
<rangarajan.karthik () gmail com> wrote:

Hello,

MODX has released a security advisory for MODX Evolution <=1.0.14. The
version is affected by multiple XSS vulnerabilities as well as a
command injection vulnerability. Please find the advisory below:

http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection

Can a CVE please be assigned for these vulnerabilities?

Thanks,
Karthik

--
Regards,
Karthik Rangarajan




-- 
Regards,
Karthik Rangarajan
MS, Information Security

Twitter: @krangarajan

Current thread:

CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX Karthik Rangarajan (Nov 09)
- Re: CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX Karthik Rangarajan (Nov 12)