Modx · Modx Revolution · CVE-2014-8992
**Name of the Vulnerable Software and Affected Versions**
MODX Revolution version 2.3.2-pl
**Description**
A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the `callback` parameter of the `manager/assets/fileapi/FileAPI.flash.image.swf` file.
**Recommendations**
Update MODX Revolution version 2.3.2-pl to a version that fixes this issue.