
News

Posted almost 16 years ago by Ryan Thrash
MODx has been around quite a while now and it's time we made some changes. We think you'll like them!
Posted about 16 years ago by Zaigham R.
The anatomy of a snippet call - A wiki article written by our team member, explains the basics of the snippets...
Posted over 16 years ago
Based on further analysis there is one legitimate bug contained in the distribution that while we've not been able to find security vectors using the flaw, it is not inconceivable that a determined hacker could not do so. This lies with the search highlight plugin. To fix this, patch two lines starting near line 52 to read as follows:

Code:

    $searched = strip_tags(urldecode($_REQUEST['searched']));
    $highlight = strip_tags(urldecode($_REQUEST['highlight']));

Alternately, you can simply disable the search highlight plugin entirely by logging into the manager and going to Resources > Manage Resources > Plugin tab. From there, click the Search Highlight plugin name in the list of names, then check the first checkbox near the top that says "Plugin Disabled" (or your relevant local language string).

The currently available build on the download page contains this patch. If you're running an existing site, the best option is to patch or disable the Search Highlight plugin per the above.
Posted over 16 years ago by 25663
The MODx team believes the following security notice is sophistical – plausible but misleading (some would refer to it as "FUD"). We are continuing further investigations.

Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities

To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in...
Posted over 16 years ago
The MODx team believes the following security notice is sophistical – plausible but misleading (some would refer to it as "FUD"). We are continuing further investigations.

[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities

To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.

For more information and discussion, please visit this thread in these forums. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation. If you are able t...
Posted over 16 years ago
The current download available on the site contains the above-listed patches.
Posted over 16 years ago by 25663
Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions. Please see http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.

You need to take immediate action to protect your site(s).

For 0.9.6.1

Go to http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archi...