CVE-2017-7320

Name of the Vulnerable Software and Affected Versions MODX Revolution versions 2.5.4-pl and earlier

Description The issue allows remote attackers to conduct attacks, potentially leading to a denial of service due to cookie quota exhaustion or HTTP Response Splitting attacks, which can result in XSS. This is because the language parameter in the setup/controllers/language.php file is not properly constrained, allowing for invalid parameter values to be used.

Recommendations For MODX Revolution versions 2.5.4-pl and earlier, update to a version that properly constrains the language parameter to prevent such attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.