Re: MODx Installation File XSS Vulnerability

[jason () modxcms com]

First, it's not a workaround to remove the install directory after installing MODx; it's a absolute requirement, and 
there is even a checkbox that will do it for you if PHP has permission to remove the files.

Second, no one at or associated with modxcms.com was notified of this in any way, shape or form, on June 16, 2010.

How is this a medium severity? This is absolute nonsense, total FUD, and a complete non-issue. You should never leave 
the install directory in place or you have much bigger problems than XSS injection.