Description
In MODX Revolution before 2.5.7, an attacker might be able to trigger cross-site scripting (XSS) by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as cache poisoning.
Remediation
References
Related Vulnerabilities
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8447)
WordPress Plugin Yandex Money button Cross-Site Scripting (2.3.3)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2531)
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-5734)