Description
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jock on air now Multiple Vulnerabilities (5.6.1)
WordPress Plugin WP REST API (WP API) Cross-Site Scripting (1.2.2)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.4.5)
WordPress Plugin PopCash.Net Code Integration Tool Cross-Site Scripting (1.0)