Modx · Modx Revolution · CVE-2018-20758
Name of the Vulnerable Software and Affected Versions:
MODX Revolution versions prior to v2.7.0-pl
Description:
The issue allows for XSS attacks via User Settings, such as the Description field.
Recommendations:
For MODX Revolution versions prior to v2.7.0-pl, update to a version that contains a fix for this issue.