{"url":"http://public2.vulnerablecode.io/api/packages/62296?format=json","purl":"pkg:composer/modx/revolution@2.5.7","type":"composer","namespace":"modx","name":"revolution","version":"2.5.7","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.7.0","latest_non_vulnerable_version":"2.8.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16558?format=json","vulnerability_id":"VCID-1jqs-phm6-53f4","summary":"MODX Revolution XSS via HTTP Host header\nIn MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9071","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53688","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9071"},{"reference_url":"https://citadelo.com/en/2017/04/modx-revolution-cms","reference_id":"","reference_type":"","scores":[],"url":"https://citadelo.com/en/2017/04/modx-revolution-cms"},{"reference_url":"https://github.com/modxcms/revolution","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/modxcms/revolution"},{"reference_url":"https://github.com/modxcms/revolution/pull/13426","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/modxcms/revolution/pull/13426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9071","reference_id":"CVE-2017-9071","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9071"},{"reference_url":"https://github.com/advisories/GHSA-p2j4-vrgx-96qg","reference_id":"GHSA-p2j4-vrgx-96qg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p2j4-vrgx-96qg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62296?format=json","purl":"pkg:composer/modx/revolution@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7"}],"aliases":["CVE-2017-9071","GHSA-p2j4-vrgx-96qg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jqs-phm6-53f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16586?format=json","vulnerability_id":"VCID-snwa-dg1m-83ae","summary":"MODX Revolution Reflected XSS\nIn MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9068","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47421","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9068"},{"reference_url":"https://citadelo.com/en/2017/04/modx-revolution-cms","reference_id":"","reference_type":"","scores":[],"url":"https://citadelo.com/en/2017/04/modx-revolution-cms"},{"reference_url":"https://github.com/modxcms/revolution","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/modxcms/revolution"},{"reference_url":"https://github.com/modxcms/revolution/pull/13424","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/modxcms/revolution/pull/13424"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9068","reference_id":"CVE-2017-9068","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9068"},{"reference_url":"https://github.com/advisories/GHSA-vrw6-7vgj-vj7x","reference_id":"GHSA-vrw6-7vgj-vj7x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vrw6-7vgj-vj7x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62296?format=json","purl":"pkg:composer/modx/revolution@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7"}],"aliases":["CVE-2017-9068","GHSA-vrw6-7vgj-vj7x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snwa-dg1m-83ae"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7"}