Description

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.

Remediation

References

CVE-2017-9071

Related Vulnerabilities

WordPress Plugin Font Organizer Cross-Site Scripting (2.1.1)

WordPress Plugin Rucy Cross-Site Request Forgery (0.4.4)

MySQL Use After Free Vulnerability (CVE-2017-3302)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-24213)

WordPress Plugin Asgaros Forum Security Bypass (1.5.7)

Severity

Medium

Classification

CVE-2017-9071 CWE-707 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities