In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://citadelo.com/en/2017/04/modx-revolution-cms/ | exploit third party advisory patch |
https://github.com/modxcms/revolution/pull/13426 | patch vendor advisory |