[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [FD] ModX Revolution 2.3.5 - Reflected XSS - Fixed Versions Released
From: "Curesec Research Team (CRT)" <crt () curesec ! com>
Date: 2015-08-19 10:34:58
Message-ID: 55D45BD2.5060608 () curesec ! com
[Download RAW message or body]
Update:
CRT was informed that a fixed version of ModX Revolution was released on
08/18/2015.
Updated parts of the advisory:
ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ModX Revolution 2.3.5-pl
Fixed in: 2.4.0 and 2.3.6
Fixed Version Link: http://modx.com/download/direct/modx-2.4.0-pl.zip
Vendor Contact: hello@modx.com
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
Reported to vendor: 07/14/2015
Disclosed to public: 08/17/2015
Release mode: Full disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH
[...]
5. Report Timeline
07/14/2015 Informed Vendor about Issue (no reply)
08/13/2015 Contacted Vendor again (no reply)
08/17/2015 Disclosed to public
08/18/2015 Vendor releases fixed versions 2.4.0 and 2.3.6
6. Blog Reference:
http://blog.curesec.com/article/blog/ModX-Revolution-235-pl-Reflected-Cross-Site-Scripting-Vulnerability-43.html
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic