Unrated severityNVD Advisory· Published Nov 6, 2014· Updated Jun 17, 2026
CVE-2014-5451
CVE-2014-5451
Description
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:modx:modx_revolution:*:pl:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:modx:modx_revolution:*:pl:*:*:*:*:*:*range: <=2.3.1
- (no CPE)range: <=2.3.1-pl
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/128302/MODX-Revolution-2.3.1-pl-Cross-Site-Scripting.htmlnvdExploit
- www.securityfocus.com/bid/69884nvdExploit
- github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9nvdExploit
- www.htbridge.com/advisory/HTB23229nvdExploit
- www.securityfocus.com/archive/1/533466/100/0/threadednvd
News mentions
0No linked articles in our index yet.