Mantissts

**Name of the Vulnerable Software and Affected Versions** MODX Revolution version 2.3.2-pl **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `callback` parameter in the `manager/assets/fileapi/FileAPI.flash.image.swf` file. **Recommendations** For MODX Revolution version 2.3.2-pl, update to a version that fixes this issue to prevent exploitation.