Unrated severityNVD Advisory· Published Sep 17, 2009· Updated Apr 23, 2026

CVE-2008-7242

Description

Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.

Affected products

Modxcms/Modxcms2 versions
cpe:2.3:a:modxcms:modxcms:0.9.6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:modxcms:modxcms:0.9.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:modxcms:modxcms:0.9.6.1:p1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/27672nvdExploit
secunia.com/advisories/28840nvdVendor Advisory
osvdb.org/41232nvd
www.securityfocus.com/archive/1/487696/100/200/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/40375nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000