CVE-2008-7242 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search (2) \a\ (3) messagesubject and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight (6) id (7) email (8) name and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.

Reference

http://osvdb.org/41232 http://secunia.com/advisories/28840 http://www.securityfocus.com/archive/1/487696/100/200/threaded http://www.securityfocus.com/bid/27672 https://exchange.xforce.ibmcloud.com/vulnerabilities/40375