Description
Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
Remediation
References
Related Vulnerabilities
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2006-0200)
WordPress Plugin Social Media Widget by Acurax Cross-Site Request Forgery (3.2.5)
Zope Web Application Server Other Vulnerability (CVE-2002-0688)
Apache HTTP Server Other Vulnerability (CVE-2002-1658)
WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)