MODX

Status: Solved (See: Notice on fix)Product: MODx RevolutionRisk: ModerateVersions: 2.0.xVunerability type: Cross-Site Scripting and Local File Inclusion VulnerabilitiesReport Date: 2010-09-29Fixed Date: 2010-09-29DescriptionIssue reported as Secunia ... [More] Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.Affected ReleasesMODx Revolution 2.0.2-pl however it is possible previous releases contain the vulnerability.SolutionUpgrade to MODx Revolution 2.0.3 available here:  http://modxcms.com/download.html#plRead the Release Announcement[/ur... [Less]

Status: Solved (See: Notice on fix)Product: MODx RevolutionRisk: ModerateVersions: 2.0.xVunerability type: Cross-Site Scripting and Local File Inclusion VulnerabilitiesReport Date: 2010-09-29Fixed Date: 2010-09-29DescriptionIssue reported as Secunia ... [More] Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs... [Less]

Status: Solved (See: Notice on fix) Product: MODx Revolution Risk: Moderate Versions: 2.0.x Vunerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities Report Date: 2010-09-29 Fixed Date: 2010-09-29 Description Issue reported as ... [More] Secunia Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files. Affected Releases MODx Revolution 2.0.2-pl however it is possible previous releases contain the vulnerability. Solution Upgrade to MODx Revolution 2.0.3 available here: http://modxcms.com/download.html#pl Read the Release Announcement for Revolution 2.0.3. [Less]

Status: Solved (See: Notice on fix)Product: MODx RevolutionRisk: ModerateVersions: 2.0.xVunerability type: Cross-Site Scripting and Local File Inclusion VulnerabilitiesReport Date: 2010-09-29Fixed Date: 2010-09-29DescriptionIssue reported as Secunia ... [More] Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs... [Less]

Status: Solved (See: Notice on fix) Product: MODx Revolution Risk: Moderate Versions: 2.0.x Vunerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities Report Date: 2010-09-29 Fixed Date: 2010-09-29 Description Issue reported as ... [More] Secunia Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files. Affected Releases MODx Revolution 2.0.2-pl however it is possible previous releases contain the vulnerability. Solution Upgrade to MODx Revolution 2.0.3 available here: http://modxcms.com/download.html#pl Read the Release Announcement for Revolution 2.0.3. [Less]

Status: Solved (See: Notice on fix)Product: MODx RevolutionRisk: ModerateVersions: 2.0.xVunerability type: Cross-Site Scripting and Local File Inclusion VulnerabilitiesReport Date: 2010-09-29Fixed Date: 2010-09-29DescriptionIssue reported as Secunia ... [More] Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs... [Less]

Status: Solved (See: Notice on fix) Product: MODx Revolution Risk: Moderate Versions: 2.0.x Vunerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities Report Date: 2010-09-29 Fixed Date: 2010-09-29 Description Issue reported as ... [More] Secunia Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files. Affected Releases MODx Revolution 2.0.2-pl however it is possible previous releases contain the vulnerability. Solution Upgrade to MODx Revolution 2.0.3 available here: http://modxcms.com/download.html#pl Read the Release Announcement for Revolution 2.0.3. [Less]

Status: Solved (See: Notice on fix)Product: MODx RevolutionRisk: ModerateVersions: 2.0.xVunerability type: Cross-Site Scripting and Local File Inclusion VulnerabilitiesReport Date: 2010-09-29Fixed Date: 2010-09-29DescriptionIssue reported as Secunia ... [More] Advisory SA41638. Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs... [Less]

MODx Revolution 2.0.2 is now out. Please read the announcement. If you upgraded or installed to Revolution 2.0.1 you should update your install to Revolution 2.0.2 to ensure saving documents works as expected. Thanks.

MODx Revolution 2.0.2 Brings a Little More Speed and Lots of Little Fixes.MODx Revolution 2.0 was officially released nearly 2 months ago and many of you have made the switch from MODx Evolution and others have added it to their toolset. This means ... [More] many more people using Revolution on a daily basis and this also has given it a real-world workout on production sites. This happily resulted in finding things that needed fixing or improving.The Revolution 2.0.2 release contains over 80 bugfixes or improvements and here are the highlights:- More optimizations to the Manager to improve usability and speed, including faster load times.- Manager tree now remembers where you were on refresh so you don't have to keep clicking the tree.- Improved Rich Text Editor support, especially in multi-context environments.- Improvements Package Management so installing add-ons works correctly and smoothly in most environments.- Improvements to image thumbnails and thumbnail caching in the MODx B... [Less]