MODx CMS Cross Site Scripting and Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser. To exploit the cross-site scripting issue, the attacker must entice an unsuspecting victim into following a malicious URI.
The following example URIs are available:
The attacker creates a malicious POST request that sets the username box to the following value: "+onmouseover=alert(400942638703)+".