3 matches found
Cross-site Scripting (XSS)
modx/revolution is vulnerable to cross-site scripting XSS. The vulnerability exists through an extended user field such as Container name or Attribute name, allowing XSS attacks...
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name...
Design/Logic Flaw
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name...