Description
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
Remediation
References