PT-2017-12219 · Modx · Modx Revolution

Lemon666

Published

2017-07-30

Updated

2017-08-02

CVE-2017-11744

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MODX Revolution version 2.5.7

Description The issue concerns the System Settings module, where the key and name parameters are susceptible to XSS attacks. When a malicious payload is sent to the "connectors/index.php" endpoint, it will be triggered for every user visiting this module.

Recommendations For MODX Revolution version 2.5.7, consider restricting access to the System Settings module until a fix is available, and avoid using the key and name parameters in the affected module to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-11744

Affected Products

Modx Revolution

PT-2017-12219 · Modx · Modx Revolution

CVE-2017-11744

Weakness Enumeration

Related Identifiers

Affected Products

References · 4