Description
Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Collapse-O-Matic Cross-Site Scripting (1.6.8)
Moodle Improper Input Validation Vulnerability (CVE-2019-3847)
WordPress Plugin RestroPress-Online Food Ordering System Cross-Site Request Forgery (2.8.2)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)