ID CVE-2017-11744 Type cve Reporter NVD Modified 2017-08-02T09:37:16
Description
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.
{"id": "CVE-2017-11744", "bulletinFamily": "NVD", "title": "CVE-2017-11744", "description": "In MODX Revolution 2.5.7, the \"key\" and \"name\" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.", "published": "2017-07-30T11:29:00", "modified": "2017-08-02T09:37:16", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11744", "reporter": "NVD", "references": ["https://github.com/modxcms/revolution/issues/13564"], "cvelist": ["CVE-2017-11744"], "type": "cve", "lastseen": "2017-08-03T10:33:09", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": [], "cvelist": ["CVE-2017-11744"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "In MODX Revolution 2.5.7, the \"key\" and \"name\" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.", "edition": 1, "enchantments": {}, "hash": "4af508b5220b951a7e6f5b1527063673344cf214d00469ade491d33543be4b3a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "745f62984a68720e7caefcd687fce040", "key": "references"}, {"hash": "d8489570bfd97c76521297ac84313e1a", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "edd33a4222ea80e7090c599272647f34", "key": "href"}, {"hash": "a2b96ec6bada8b5da632a4fae03b2eb7", "key": "published"}, {"hash": "a2b96ec6bada8b5da632a4fae03b2eb7", "key": "modified"}, {"hash": "1d936bbfbdd1b53dbcd89291ab583a76", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c314a5e3ae4b9b4d6fcf49cf75862f5a", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11744", "id": "CVE-2017-11744", "lastseen": "2017-07-31T10:33:25", "modified": "2017-07-30T11:29:00", "objectVersion": "1.3", "published": "2017-07-30T11:29:00", "references": ["https://github.com/modxcms/revolution/issues/13564"], "reporter": "NVD", "scanner": [], "title": "CVE-2017-11744", "type": "cve", "viewCount": 0}, "differentElements": ["cvss", "modified", "cpe"], "edition": 1, "lastseen": "2017-07-31T10:33:25"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "cf495f67cda04e916f4f4bc9c08b607d"}, {"key": "cvelist", "hash": "d8489570bfd97c76521297ac84313e1a"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "1d936bbfbdd1b53dbcd89291ab583a76"}, {"key": "href", "hash": "edd33a4222ea80e7090c599272647f34"}, {"key": "modified", "hash": "0dc1aa30ffa82df7dee744d952104c29"}, {"key": "published", "hash": "a2b96ec6bada8b5da632a4fae03b2eb7"}, {"key": "references", "hash": "745f62984a68720e7caefcd687fce040"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "c314a5e3ae4b9b4d6fcf49cf75862f5a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "5be39162827acddd1d5645ff89dc283e7248077eae339ce26b344b007c2af93c", "viewCount": 7, "enchantments": {"vulnersScore": 3.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:modx:modx_revolution:2.5.7"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
