Description
In MODX Revolution before 2.5.7, an attacker can trigger reflected cross-site scripting (XSS) by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
Remediation
References