Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2014-8773
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-03 Dec, 2014 | 18:59
Updated At-12 Apr, 2025 | 10:46

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
modx
modx
>>modx_revolution>>2.0.0
cpe:2.3:a:modx:modx_revolution:2.0.0:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.0.1
cpe:2.3:a:modx:modx_revolution:2.0.1:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.0.3
cpe:2.3:a:modx:modx_revolution:2.0.3:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.0.4
cpe:2.3:a:modx:modx_revolution:2.0.4:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.0.5
cpe:2.3:a:modx:modx_revolution:2.0.5:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.0.6
cpe:2.3:a:modx:modx_revolution:2.0.6:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.0.7
cpe:2.3:a:modx:modx_revolution:2.0.7:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.0.8
cpe:2.3:a:modx:modx_revolution:2.0.8:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.1.0
cpe:2.3:a:modx:modx_revolution:2.1.0:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.1.1
cpe:2.3:a:modx:modx_revolution:2.1.1:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.1.2
cpe:2.3:a:modx:modx_revolution:2.1.2:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.1.3
cpe:2.3:a:modx:modx_revolution:2.1.3:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.1.4
cpe:2.3:a:modx:modx_revolution:2.1.4:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.1.5
cpe:2.3:a:modx:modx_revolution:2.1.5:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.0
cpe:2.3:a:modx:modx_revolution:2.2.0:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.1
cpe:2.3:a:modx:modx_revolution:2.2.1:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.2
cpe:2.3:a:modx:modx_revolution:2.2.2:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.3
cpe:2.3:a:modx:modx_revolution:2.2.3:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.4
cpe:2.3:a:modx:modx_revolution:2.2.4:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.5
cpe:2.3:a:modx:modx_revolution:2.2.5:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.6
cpe:2.3:a:modx:modx_revolution:2.2.6:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.7
cpe:2.3:a:modx:modx_revolution:2.2.7:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.8
cpe:2.3:a:modx:modx_revolution:2.2.8:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.9
cpe:2.3:a:modx:modx_revolution:2.2.9:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.10
cpe:2.3:a:modx:modx_revolution:2.2.10:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.11
cpe:2.3:a:modx:modx_revolution:2.2.11:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.12
cpe:2.3:a:modx:modx_revolution:2.2.12:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.13
cpe:2.3:a:modx:modx_revolution:2.2.13:*:*:*:*:*:*:*
modx
modx
>>modx_revolution>>2.2.14
cpe:2.3:a:modx:modx_revolution:2.2.14:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-priorcve@mitre.org
N/A
http://hacktivity.websecgeeks.com/modx-csrf-and-xss/cve@mitre.org
Exploit
http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prioraf854a3a-2127-422b-91ae-364da2661108
N/A
http://hacktivity.websecgeeks.com/modx-csrf-and-xss/af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://hacktivity.websecgeeks.com/modx-csrf-and-xss/
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://hacktivity.websecgeeks.com/modx-csrf-and-xss/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Change History
0Changes found
Details not found