MODx CMS Cross Site Scripting and Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser. To exploit the cross-site scripting issue, the attacker must entice an unsuspecting victim into following a malicious URI.

The following example URIs are available:

Remote File-Include:

Cross-Site Scripting:
The attacker creates a malicious POST request that sets the username box to the following value: "+onmouseover=alert(400942638703)+".


Privacy Statement
Copyright 2010, SecurityFocus