Vulnerabilities > Modx
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-26 | CVE-2022-26149 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | 7.2 |
2021-10-31 | CVE-2020-25911 | XXE vulnerability in Modx Revolution 2.7.3 A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS). | 6.4 |
2019-08-15 | CVE-2019-14518 | Cross-site Scripting vulnerability in Modx Evolution CMS 2.0.0 Evolution CMS 2.0.x allows XSS via a description and new category location in a template. | 5.4 |
2019-07-24 | CVE-2019-1010178 | Improper Access Control vulnerability in Modx Fred 1.0.0 Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. | 7.5 |
2019-07-23 | CVE-2019-1010123 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. | 5.0 |
2019-02-06 | CVE-2018-20758 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 3.5 |
2019-02-06 | CVE-2018-20757 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | 4.3 |
2019-02-06 | CVE-2018-20756 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | 4.3 |
2019-02-06 | CVE-2018-20755 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | 4.3 |
2018-12-28 | CVE-2018-16638 | Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | 3.5 |