Cross site scripting

2017-05-1816:29:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

CPENameOperatorVersion
modx_revolutionle2.5.6

CPE	Name	Operator	Version
	modx_revolution	le	2.5.6

References

citadelo.com/en/2017/04/modx-revolution-cms/

github.com/modxcms/revolution/pull/13415