logo

Database

Server side cross-site scripting In modx/revolution

Description

MODX Revolution vulnerable to XSS attack through its User Photo field MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-207552. NVD-2018-207553. OSV-2018-207554. GCVE-2018-20755

References

1. https://github.com/modxcms/revolution/issues/141022. https://github.com/modxcms/revolution/pull/143353. https://github.com/modxcms/revolution/commit/a12920f1698d3be8e6ba07d746da46e511b911b6

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.