Description MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. Remediation References CVE-2018-20757 Related Vulnerabilities Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32674) Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0455) WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.10) Oracle Database Server CVE-2011-0880 Vulnerability (CVE-2011-0880) WordPress Plugin Qiniu Cloudtuchuang Cross-Site Scripting (1.8) Severity Medium Classification CVE-2018-20757 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Tags Missing Update Known Vulnerabilities