Description

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

Remediation

References

CVE-2017-9070

Related Vulnerabilities

Jboss EAP Incorrect Authorization Vulnerability (CVE-2022-0866)

e107 Other Vulnerability (CVE-2004-2039)

WordPress Plugin SEO by Squirrly SEO SQL Injection (12.3.19)

MySQL CVE-2014-6474 Vulnerability (CVE-2014-6474)

Apache HTTP Server Other Vulnerability (CVE-2000-0913)

Severity

Medium

Classification

CVE-2017-9070 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities