CVE-2017-9071

Опубликовано: 18 мая 2017

Источник: nvd

CVSS3: 4.7

CVSS2: 2.6

EPSS Низкий

Описание

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.

Ссылки

https://citadelo.com/en/2017/04/modx-revolution-cms/
Exploit
Patch
Third Party Advisory
https://github.com/modxcms/revolution/pull/13426
Patch
Vendor Advisory
https://citadelo.com/en/2017/04/modx-revolution-cms/
Exploit
Patch
Third Party Advisory
https://github.com/modxcms/revolution/pull/13426
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*

Версия до 2.5.6 (включая)

EPSS

Процентиль: 53%

0.00301

Низкий

4.7 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p2j4-vrgx-96qg