Skip to main content

Modx Revolution CVE-2017-1000223

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-11-17 cve@mitre.org
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 17, 2017 - 05:29 cve.org
MEDIUM 5.4

DescriptionCVE.org

A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.

AnalysisAI

A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS. Affected products include: Modx Modx Revolution. Version information: version 2.5.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-7324 CRITICAL POC
9.8 Mar 30

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP co

CVE-2017-7321 CRITICAL POC
9.8 Mar 30

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP c

CVE-2017-9069 HIGH POC
8.8 May 18

In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a fi

CVE-2017-7323 HIGH POC
8.1 Mar 30

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by

CVE-2017-7322 HIGH POC
8.1 Mar 30

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certifi

CVE-2019-1010123 HIGH POC
7.5 Jul 23

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high sever

CVE-2018-1000208 HIGH POC
7.5 Jul 13

MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class

CVE-2014-8775 MEDIUM POC
5.0 Dec 03

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, whic

CVE-2018-1000207 HIGH POC
7.2 Jul 13

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before pa

CVE-2017-9067 HIGH POC
7.0 May 18

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on t

CVE-2014-8773 MEDIUM POC
6.8 Dec 03

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mec

CVE-2017-7320 MEDIUM POC
6.1 Mar 30

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language paramete

Share

CVE-2017-1000223 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy