CVE-2017-9070

MEDIUM

MODX Revolution <2.5.7 - XSS

Title source: llm

Description

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

References (2)

[Exploit, Patch, Third Party Advisory] https://citadelo.com/en/2017/04/modx-revolution-cms/

[Patch, Vendor Advisory] https://github.com/modxcms/revolution/pull/13415

Scores

CVSS v3 5.4

EPSS 0.0022

EPSS Percentile 44.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

modx/modx_revolution < 2.5.6

modx/revolution < 2.5.7Packagist

n/a/n/a

Published May 18, 2017

Tracked Since Feb 18, 2026