Vulnerabilities > Modx

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-26	CVE-2022-26149	Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. network low complexity modx CWE-434	7.2
2021-10-31	CVE-2020-25911	XXE vulnerability in Modx Revolution 2.7.3 A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS). network low complexity modx CWE-611	6.4
2019-08-15	CVE-2019-14518	Cross-site Scripting vulnerability in Modx Evolution CMS 2.0.0 Evolution CMS 2.0.x allows XSS via a description and new category location in a template. network low complexity modx CWE-79	5.4
2019-07-24	CVE-2019-1010178	Improper Access Control vulnerability in Modx Fred 1.0.0 Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. network low complexity modx CWE-284	7.5
2019-07-23	CVE-2019-1010123	Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. network low complexity modx CWE-434	5.0
2019-02-06	CVE-2018-20758	Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. network modx CWE-79	3.5
2019-02-06	CVE-2018-20757	Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. network modx CWE-79	4.3
2019-02-06	CVE-2018-20756	Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. network modx CWE-79	4.3
2019-02-06	CVE-2018-20755	Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. network modx CWE-79	4.3
2018-12-28	CVE-2018-16638	Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the manager/ search parameter. network modx CWE-79	3.5

Vulnerabilities > Modx {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Modx"}]}

Vulnerabilities > Modx