logo

Database

Server side cross-site scripting In modx/revolution

Description

MODX vulnerability allows for XSS via user settings parameters MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-207582. NVD-2018-207583. OSV-2018-207584. GCVE-2018-20758

References

1. https://github.com/modxcms/revolution/issues/141032. https://github.com/modxcms/revolution/commit/c08fb7c7a1f5979ff1241a7b28ae0f7690756ad3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-5EAO6 – Vulnerability | Fluid Attacks Database