EUVD-2018-13299

Malware in sbrugna...

Cross-Site Scripting (XSS)

modx/revolution is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via a document resource such as pagetitle through the update or quick edit action. The Javascript is executed when viewing manager logs...

CVE-2018-20756

MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...

Cross site scripting

MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...

CVE-2018-20756

MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...

CVE-2018-20756

MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...

CVE-2018-20756

MODX Revolution (through v2.7.0-pl) is affected by a cross-site scripting (XSS) vulnerability via a document resource (e.g., pagetitle) that is mishandled during Update or Quick Edit actions, or when viewing manager logs. The issue is documented across multiple sources (NVD and related advisories...