Vulnerability Details CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2017-7320
- cpe:2.3:a:modx:modx_revolution:1.5.1
- cpe:2.3:a:modx:modx_revolution:1.5.2
- cpe:2.3:a:modx:modx_revolution:1.6.1
- cpe:2.3:a:modx:modx_revolution:1.6.2
- cpe:2.3:a:modx:modx_revolution:1.6.3
- cpe:2.3:a:modx:modx_revolution:1.6.4
- cpe:2.3:a:modx:modx_revolution:1.6.5
- cpe:2.3:a:modx:modx_revolution:1.7.0
- cpe:2.3:a:modx:modx_revolution:1.7.1
- cpe:2.3:a:modx:modx_revolution:1.7.2
- cpe:2.3:a:modx:modx_revolution:1.7.3
- cpe:2.3:a:modx:modx_revolution:1.8.0
- cpe:2.3:a:modx:modx_revolution:1.8.1
- cpe:2.3:a:modx:modx_revolution:1.9.0
- cpe:2.3:a:modx:modx_revolution:1.9.1
- cpe:2.3:a:modx:modx_revolution:1.9.2
- cpe:2.3:a:modx:modx_revolution:1.9.3
- cpe:2.3:a:modx:modx_revolution:1.9.4
- cpe:2.3:a:modx:modx_revolution:1.9.5
- cpe:2.3:a:modx:modx_revolution:1.9.6
- cpe:2.3:a:modx:modx_revolution:1.9.7
- cpe:2.3:a:modx:modx_revolution:2.0.0
- cpe:2.3:a:modx:modx_revolution:2.0.1
- cpe:2.3:a:modx:modx_revolution:2.0.2
- cpe:2.3:a:modx:modx_revolution:2.0.3
- cpe:2.3:a:modx:modx_revolution:2.0.4
- cpe:2.3:a:modx:modx_revolution:2.0.5
- cpe:2.3:a:modx:modx_revolution:2.0.6
- cpe:2.3:a:modx:modx_revolution:2.0.7
- cpe:2.3:a:modx:modx_revolution:2.0.8
- cpe:2.3:a:modx:modx_revolution:2.1.0
- cpe:2.3:a:modx:modx_revolution:2.1.1
- cpe:2.3:a:modx:modx_revolution:2.1.2
- cpe:2.3:a:modx:modx_revolution:2.1.3
- cpe:2.3:a:modx:modx_revolution:2.1.4
- cpe:2.3:a:modx:modx_revolution:2.1.5
- cpe:2.3:a:modx:modx_revolution:2.2.0
- cpe:2.3:a:modx:modx_revolution:2.2.1
- cpe:2.3:a:modx:modx_revolution:2.2.10
- cpe:2.3:a:modx:modx_revolution:2.2.11
- cpe:2.3:a:modx:modx_revolution:2.2.12
- cpe:2.3:a:modx:modx_revolution:2.2.13
- cpe:2.3:a:modx:modx_revolution:2.2.14
- cpe:2.3:a:modx:modx_revolution:2.2.15
- cpe:2.3:a:modx:modx_revolution:2.2.16
- cpe:2.3:a:modx:modx_revolution:2.2.2
- cpe:2.3:a:modx:modx_revolution:2.2.3
- cpe:2.3:a:modx:modx_revolution:2.2.4
- cpe:2.3:a:modx:modx_revolution:2.2.5
- cpe:2.3:a:modx:modx_revolution:2.2.6
- cpe:2.3:a:modx:modx_revolution:2.2.7
- cpe:2.3:a:modx:modx_revolution:2.2.8
- cpe:2.3:a:modx:modx_revolution:2.2.9
- cpe:2.3:a:modx:modx_revolution:2.3.0
- cpe:2.3:a:modx:modx_revolution:2.3.1
- cpe:2.3:a:modx:modx_revolution:2.3.2
- cpe:2.3:a:modx:modx_revolution:2.3.3
- cpe:2.3:a:modx:modx_revolution:2.3.4
- cpe:2.3:a:modx:modx_revolution:2.3.5
- cpe:2.3:a:modx:modx_revolution:2.3.6
- cpe:2.3:a:modx:modx_revolution:2.4.0
- cpe:2.3:a:modx:modx_revolution:2.4.1
- cpe:2.3:a:modx:modx_revolution:2.4.2
- cpe:2.3:a:modx:modx_revolution:2.4.3
- cpe:2.3:a:modx:modx_revolution:2.4.4
- cpe:2.3:a:modx:modx_revolution:2.5.0
- cpe:2.3:a:modx:modx_revolution:2.5.1
- cpe:2.3:a:modx:modx_revolution:2.5.2
- cpe:2.3:a:modx:modx_revolution:2.5.3
- cpe:2.3:a:modx:modx_revolution:2.5.4