CVE-2014-8992

Published December 22nd, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

modxcms/revolution

MODX Revolution - Content Management Framework

GitHub

1.4K