cvedb.io
CVE-2017-1000223
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2017-11-17T05:29:00.390 · Last modified 2026-06-17T00:58:56.067

Summary

A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.

Affected products

modx — modx_revolution

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.