2 matches found
GHSA-P2J4-VRGX-96QG MODX Revolution XSS via HTTP Host header
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning...
MODX Revolution 'setup/controllers/language.php' file HTTP response splitting vulnerability
MODX Revolution is a PHP-based open source content management system CMS from the U.S. company MODX. The system supports online collaboration, search engine optimization SEO, add-ons and more. A security vulnerability exists in the setup/controllers/language.php file in MODX Revolution 2.5.4-pl a...