3 matches found
CVE-2018-20755
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
CVE-2018-20755
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
CVE-2018-20755
MODX Revolution (through v2.7.0-pl) is vulnerable to Cross-site Scripting (XSS) via the User Photo field. The root cause is improper handling of input in the user photo workflow (e.g., getProfilePhoto-related path) that allows injected scripts to be rendered in a user’s browser context. Exploitat...