CVE-2017-9071

MEDIUM

MODX Revolution <2.5.7 - XSS

Title source: llm

Description

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.

References (2)

[Exploit, Patch, Third Party Advisory] https://citadelo.com/en/2017/04/modx-revolution-cms/

[Patch, Vendor Advisory] https://github.com/modxcms/revolution/pull/13426

Scores

CVSS v3 4.7

EPSS 0.0030

EPSS Percentile 53.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

modx/modx_revolution < 2.5.6

modx/revolution < 2.5.7Packagist

n/a/n/a

Published May 18, 2017

Tracked Since Feb 18, 2026