CVE-2008-7242

Name of the Vulnerable Software and Affected Versions MODx CMS versions 0.9.6.1 through 0.9.6.1p1

Description The issue allows remote attackers to inject arbitrary web script or HTML via certain parameters to various pages. The vulnerable parameters include search, a, messagesubject, and messagebody to pages reachable from manager/index.php, highlight, id, email, name, and parent to index.php, and docgrp and moreResultsPage to index-ajax.php.

Recommendations For MODx CMS versions 0.9.6.1 through 0.9.6.1p1, consider disabling access to the vulnerable parameters until a patch is available. Restrict access to the manager/index.php, index.php, and index-ajax.php pages to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.