Description
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.