CVE-2017-9068: MODX Revolution Reflected XSS

May 17, 2022 (updated April 22, 2025)

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.

References

citadelo.com/en/2017/04/modx-revolution-cms
github.com/advisories/GHSA-vrw6-7vgj-vj7x
github.com/modxcms/revolution
github.com/modxcms/revolution/pull/13424
nvd.nist.gov/vuln/detail/CVE-2017-9068

Code Behaviors & Features

Detect and mitigate CVE-2017-9068 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →