3 matches found
CVE-2017-9070
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php...
CVE-2017-9070
CVE-2017-9070 affects MODX Revolution before 2.5.7. A user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php, enabling arbitrary script/HTML in titles. Root cause: input in the title field is not properly saniti...
MODX CMS 2.x < 2.5.7 Multiple Vulnerabilities
MODX CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:modx:revolution"; if description...