Description
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
Remediation
References