Jay Gilmore Reply #1, 1 year, 7 months ago
Status: Solved (See: Notice on fix)
Product: MODx Revolution
Risk: Moderate
Versions: 2.0.x
Vulnerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities
Report Date: 2010-09-29
Fixed Date: 2010-09-29
Description
Issue reported as Secunia Advisory SA41638.
Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user, and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.
Affected Releases
MODx Revolution 2.0.2-pl; however, it is possible that previous releases contain the vulnerability.
Solution
Upgrade to MODx Revolution 2.0.3, available here: http://modxcms.com/download.html#pl
Read the Release Announcement for Revolution 2.0.3.