CVE-2017-9068

MEDIUM

MODX Revolution <2.5.7 - XSS

Title source: llm

Description

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.

References (2)

[Exploit, Patch, Third Party Advisory] https://citadelo.com/en/2017/04/modx-revolution-cms/

[Issue Tracking] https://github.com/modxcms/revolution/pull/13424

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 47.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

modx/modx_revolution < 2.5.6

modx/revolution < 2.5.7Packagist

n/a/n/a

Published May 18, 2017

Tracked Since Feb 18, 2026