MODx

Links

3 links submitted so far. Submit your own links.

News

Edit RSS feeds.

modx logo evolution

Posted 13 days ago by Ryan Thrash

Get a sneak peek at the future branding changes coming soon to our our little corner of the web-building universe.

The Evolution of a Revolution

Posted 29 days ago by Ryan Thrash

MODx has been around quite a while now and it's time we made some changes. We think you'll like them!

The anatomy of a snippet call

Posted 5 months ago by Zaigham Rana

The anatomy of a snippet call - A wiki article written by our team member, explains the basics of the snippets...

Re: Acknowledgment: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulner

Posted 6 months ago

Based on further analysis there is one legitimate bug contained in the distribution that while we've not been able to find security vectors using the flaw, it is not inconceivable that a determined hacker could not do so. This lies with the search ... [More] highlight plugin. To fix this, patch two lines starting near line 52 to as follows:
Code:  $searched = strip_tags(urldecode($_REQUEST['searched']));
  $highlight = strip_tags(urldecode($_REQUEST['highlight']));
Alternately, you can simply disable the search highlight plugin entirely by logging into the manager and going to Resources > Manage Resources > Plugin tab. From there, click the Search Highlight plugin name in the list of names, then check the first checkbox near the top that says "Plugin Disabled" (or your relevant local language string).

The currently available build on the download page contains this patch. If you're running an existing site, the best option is to patch or disable the Search Highlight plugin per the above. [Less]

Acknowledgment: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulner

Posted 7 months ago

The MODx team believes the following security notice is sophistical – plausible but misleading (some would refer to it as "FUD"). We are continuing further investigations.

[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security ... [More] Vulnerabilities

To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.

For more information and discussion, please visit this thread in these forums. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation . If you are able t... [Less]

Read all MODx articles…