Update: CRT was informed that a fixed version of ModX Revolution was released on 08/18/2015. Updated parts of the advisory: ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: 2.4.0 and 2.3.6 Fixed Version Link: http://ift.tt/1LuQxuA Vendor Contact: hello@modx.com Vulnerability Type: Reflected XSS Remote Exploitable: Yes Reported to vendor: 07/14/2015 Disclosed to public: 08/17/2015 Release mode: Full disclosure CVE: n/a Credits Tim Coen of Curesec GmbH [...] 5. Report Timeline 07/14/2015 Informed Vendor about Issue (no reply) 08/13/2015 Contacted Vendor again (no reply) 08/17/2015 Disclosed to public 08/18/2015 Vendor releases fixed versions 2.4.0 and 2.3.6 6. Blog Reference: http://ift.tt/1Py5WsE
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment