N/A

A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.

N/A

N/A

MODX Revolution CMS 跨站脚本漏洞

MODX Revolution CMS是美国MODX公司的一套功能强大的新一代Web2.0开源内容管理系统（CMS）。该系统支持在线协作、搜索引擎优化（SEO）、附加组件等。 MODX Revolution CMS 2.5.6及之前的版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞将恶意的JavaScript代码存储为User Group名，控制用户账户，提升权限。

N/A

N/A