CVE-2017-11744
NONE EPSS 44.4%
Published Jul 30, 20178y ago · Modified Jun 17, 20262w ago
Published Jul 30, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.
Threat Intelligence
EPSS Exploit Probability
44.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| modx | modx_revolution | 2.5.7 | any |
References 1
- github.com https://github.com/modxcms/revolution/issues/13564
Remediation
- github.com https://github.com/modxcms/revolution/issues/13564