logo

Database

Server side cross-site scripting In modx/revolution

Description

MODX Revolution allows XSS via document resources MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-207562. NVD-2018-207563. OSV-2018-207564. GCVE-2018-20756

References

1. https://github.com/modxcms/revolution/issues/141052. https://github.com/modxcms/revolution/pull/143353. https://github.com/modxcms/revolution/commit/71f894ee55dc4eed10538979761d6c94e8cd1078

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.