What is the severity of CVE-2014-8773?

CVE-2014-8773 is considered a critical vulnerability as it allows remote attackers to bypass CSRF protection.

How do I fix CVE-2014-8773?

To fix CVE-2014-8773, upgrade to MODX Revolution version 2.2.15 or later.

What versions of MODX Revolution are affected by CVE-2014-8773?

CVE-2014-8773 affects MODX Revolution versions prior to 2.2.15.

What type of attacks does CVE-2014-8773 enable?

CVE-2014-8773 enables cross-site request forgery (CSRF) attacks by allowing token bypassing.

Can CVE-2014-8773 be exploited without authentication?

Yes, CVE-2014-8773 can be exploited by remote attackers without needing authentication.

Vulnerability/
CVE-2014-8773

medium

6.8

CWE

352

3/12/2014

6/8/2024

CVE-2014-8773: CSRF

First published: Wed Dec 03 2014(Updated: )

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MODx Revolution	=2.0.0
MODx Revolution	=2.0.1
MODx Revolution	=2.0.3
MODx Revolution	=2.0.4
MODx Revolution	=2.0.5
MODx Revolution	=2.0.6
MODx Revolution	=2.0.7
MODx Revolution	=2.0.8
MODx Revolution	=2.1.0
MODx Revolution	=2.1.1
MODx Revolution	=2.1.2
MODx Revolution	=2.1.3
MODx Revolution	=2.1.4
MODx Revolution	=2.1.5
MODx Revolution	=2.2.0
MODx Revolution	=2.2.1
MODx Revolution	=2.2.2
MODx Revolution	=2.2.3
MODx Revolution	=2.2.4
MODx Revolution	=2.2.5
MODx Revolution	=2.2.6
MODx Revolution	=2.2.7
MODx Revolution	=2.2.8
MODx Revolution	=2.2.9
MODx Revolution	=2.2.10
MODx Revolution	=2.2.11
MODx Revolution	=2.2.12
MODx Revolution	=2.2.13
MODx Revolution	=2.2.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8773?
CVE-2014-8773 is considered a critical vulnerability as it allows remote attackers to bypass CSRF protection.
How do I fix CVE-2014-8773?
To fix CVE-2014-8773, upgrade to MODX Revolution version 2.2.15 or later.
What versions of MODX Revolution are affected by CVE-2014-8773?
CVE-2014-8773 affects MODX Revolution versions prior to 2.2.15.
What type of attacks does CVE-2014-8773 enable?
CVE-2014-8773 enables cross-site request forgery (CSRF) attacks by allowing token bypassing.
Can CVE-2014-8773 be exploited without authentication?
Yes, CVE-2014-8773 can be exploited by remote attackers without needing authentication.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
vendor/modx
canonical/modx revolution
version/modx revolution/2.0.0
version/modx revolution/2.0.1
version/modx revolution/2.0.3
version/modx revolution/2.0.4
version/modx revolution/2.0.5
version/modx revolution/2.0.6
version/modx revolution/2.0.7
version/modx revolution/2.0.8
version/modx revolution/2.1.0
version/modx revolution/2.1.1
version/modx revolution/2.1.2
version/modx revolution/2.1.3
version/modx revolution/2.1.4
version/modx revolution/2.1.5
version/modx revolution/2.2.0
version/modx revolution/2.2.1
version/modx revolution/2.2.2
version/modx revolution/2.2.3
version/modx revolution/2.2.4
version/modx revolution/2.2.5
version/modx revolution/2.2.6
version/modx revolution/2.2.7
version/modx revolution/2.2.8
version/modx revolution/2.2.9
version/modx revolution/2.2.10
version/modx revolution/2.2.11
version/modx revolution/2.2.12
version/modx revolution/2.2.13
version/modx revolution/2.2.14