Description
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
Remediation
References