XSS Vulnerability in MODX Revolution before 2.5.7 via pagetitle Parameter
CVE-2017-9070 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.
Learn more about our User Device Pen Test.