CVE-2017-9070

Name of the Vulnerable Software and Affected Versions MODX Revolution versions prior to 2.5.7

Description The issue allows a user with resource edit permissions to inject an XSS payload into the title of any post via the "connectors/index.php" endpoint, specifically through the pagetitle parameter.

Recommendations For versions prior to 2.5.7, update to version 2.5.7 or later to resolve the issue.