CVE-2017-9070

Published May 18th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

3.5

LOW

Affected

PROJECT

Description

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

modxcms/revolution

MODX Revolution - Content Management Framework

GitHub

1.4K