CVE-2017-11744

NONE EPSS 44.4%
Published Jul 30, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jul 30, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.

Threat Intelligence

EPSS Exploit Probability
44.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
modxmodx_revolution2.5.7any

References 1

  • github.com https://github.com/modxcms/revolution/issues/13564
    Issue TrackingPatchThird Party Advisory

Remediation

  • github.com https://github.com/modxcms/revolution/issues/13564
    Issue TrackingPatchThird Party Advisory