Bugtraq mailing list archives
Re: MODx Installation File XSS Vulnerability
From: jason () modxcms com
Date: Wed, 7 Jul 2010 14:22:24 -0600
First, it's not a workaround to remove the install directory after installing MODx; it's a absolute requirement, and there is even a checkbox that will do it for you if PHP has permission to remove the files. Second, no one at or associated with modxcms.com was notified of this in any way, shape or form, on June 16, 2010. How is this a medium severity? This is absolute nonsense, total FUD, and a complete non-issue. You should never leave the install directory in place or you have much bigger problems than XSS injection.
Current thread:
- MODx Installation File XSS Vulnerability Andrei Rimsa (Jul 07)
- <Possible follow-ups>
- Re: MODx Installation File XSS Vulnerability rimsa (Jul 08)
- Re: MODx Installation File XSS Vulnerability jason (Jul 08)