Description
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Nmedia WordPress Member Conversation 'doupload.php' Arbitrary File Upload (1.3)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2687)
MySQL CVE-2019-2502 Vulnerability (CVE-2019-2502)
WordPress Plugin WooCommerce BuddyPress Integration Security Bypass (3.2.5)