Vulnerability Description
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Modx | Modx Revolution | <= 2.5.6 |
Related Weaknesses (CWE)
References
- https://citadelo.com/en/2017/04/modx-revolution-cms/ (Exploit, Patch, Third Party Advisory)
- https://github.com/modxcms/revolution/pull/13424
FAQ
What is CVE-2017-9068?
CVE-2017-9068 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
How severe is CVE-2017-9068?
CVE-2017-9068 has been rated MEDIUM with a CVSS base score of 6.1/10.
Is there a patch for CVE-2017-9068?
Check the references section above for vendor advisories and patch information. Affected products include: Modx Revolution (vendor: Modx).