Description
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.
Remediation
References
Related Vulnerabilities
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427)
Joomla CVE-2017-7988 Vulnerability (CVE-2017-7988)
WordPress Plugin Diary & Availability Calendar SQL Injection (1.0.3)
WordPress Plugin Social Auto Poster-WordPress Scheduler & Marketing Arbitrary File Upload (5.3.14)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31549)