CVE-2017-9068
Published 2017-05-18
Priority P422 · medium · 6.1 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.69% (48.0th percentile)
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modx | modx_revolution | <= 2.5.6 | — |
| modx | revolution | >= 0 < 2.5.7 | 2.5.7 |
CVSS provenance
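| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |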
OSV
MODX Revolution Reflected XSS
osv·2022-05-17
CVE-2017-9068 [MEDIUM] MODX Revolution Reflected XSS
GHSA
MODX Revolution Reflected XSS
ghsa·2022-05-17
CVE-2017-9068 [MEDIUM] CWE-79 MODX Revolution Reflected XSS
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.