XSS Vulnerability in MODX Revolution before 2.5.7 via pagetitle Parameter

XSS Vulnerability in MODX Revolution before 2.5.7 via pagetitle Parameter

CVE-2017-9070 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

Learn more about our User Device Pen Test.