This question has been answered by tillilab. See the first response.
Ciao,
ho inoltrato la tua richiesta allo staff di modx,
pare si tratti di un falso positivo, nelle pagine ci sono dei codici non supportati completamente da explorer 6 e 7 e clamAv li vede come malevoli, o qualcosa di simile...
Comunque ecco la risposta dell'host di modx.com:
"The vulnerability associated with that CVE is for IE 6 and 7.
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
ClamAV is an antivirus that commonly shows up as malware but is always a false positive."
Un saluto