In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| modx/revolution(Packagist) | 0 | 2.5.7 | N/A |
CVSS Metrics
