In MODX Revolution prior to 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
modx modx revolution |