logo

Database

Server side cross-site scripting In modx/revolution

Description

MODX Revolution cross-site scripting vulnerability In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-90702. NVD-2017-90703. OSV-2017-90704. GCVE-2017-9070

References

1. https://github.com/modxcms/revolution/pull/134152. https://citadelo.com/en/2017/04/modx-revolution-cms

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.