[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MODx Installation File XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: MODx Installation File XSS Vulnerability
From: jason@xxxxxxxxxxx
Date: Wed, 7 Jul 2010 14:22:24 -0600

First, it's not a workaround to remove the install directory after installing 
MODx; it's a absolute requirement, and there is even a checkbox that will do it 
for you if PHP has permission to remove the files.

Second, no one at or associated with modxcms.com was notified of this in any 
way, shape or form, on June 16, 2010.

How is this a medium severity? This is absolute nonsense, total FUD, and a 
complete non-issue. You should never leave the install directory in place or 
you have much bigger problems than XSS injection.

Prev by Date: [scip_Advisory 4143] Shemes Grabbit Malicious NZB Date Denial of Service
Next by Date: Pligg Installation File XSS Vulnerability
Previous by thread: Re: MODx Installation File XSS Vulnerability
Next by thread: ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities
Index(es):
- Date
- Thread