Description
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
Remediation
References