CVE-2017-9068

Опубликовано: 18 мая 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.

Ссылки

https://citadelo.com/en/2017/04/modx-revolution-cms/
Exploit
Patch
Third Party Advisory
https://github.com/modxcms/revolution/pull/13424
https://citadelo.com/en/2017/04/modx-revolution-cms/
Exploit
Patch
Third Party Advisory
https://github.com/modxcms/revolution/pull/13424

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*

Версия до 2.5.6 (включая)

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vrw6-7vgj-vj7x