Vulnerabilities > Modx

DATE CVE VULNERABILITY TITLE RISK
2022-02-26 CVE-2022-26149 Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
network
low complexity
modx CWE-434
7.2
7.2
2021-10-31 CVE-2020-25911 XXE vulnerability in Modx Revolution 2.7.3
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).
network
low complexity
modx CWE-611
critical
 9.1
9.1
2019-08-15 CVE-2019-14518 Cross-site Scripting vulnerability in Modx Evolution CMS 2.0.0
Evolution CMS 2.0.x allows XSS via a description and new category location in a template.
network
low complexity
modx CWE-79
5.4
5.4
2019-07-24 CVE-2019-1010178 Improper Privilege Management vulnerability in Modx Fred 1.0.0
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648.
network
low complexity
modx CWE-269
critical
 9.8
9.8
2019-07-23 CVE-2019-1010123 Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type.
network
low complexity
modx CWE-434
7.5
7.5
2019-02-06 CVE-2018-20758 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
network
low complexity
modx CWE-79
5.4
5.4
2019-02-06 CVE-2018-20757 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
network
low complexity
modx CWE-79
6.1
6.1
2019-02-06 CVE-2018-20756 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
network
low complexity
modx CWE-79
6.1
6.1
2019-02-06 CVE-2018-20755 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
network
low complexity
modx CWE-79
6.1
6.1
2018-12-28 CVE-2018-16638 Cross-site Scripting vulnerability in Modx Evolution CMS
Evolution CMS 1.4.x allows XSS via the manager/ search parameter.
network
low complexity
modx CWE-79
5.4
5.4