CVE-2018-20757

MODX Revolution (versions up to 2.7.0-pl) is exposed to Cross-site Scripting (XSS) via extended user fields (e.g., Container name or Attribute name). Root cause: XSS in how user-field data is processed, enabling script injection in the browser. Impact is client-side compromise (data integrity/def...