Vulnerabilities > Modx

DATE CVE VULNERABILITY TITLE RISK
2019-08-15 CVE-2019-14518 Cross-Site Scripting vulnerability in Modx Evolution CMS 2.0.0
** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template.
network
modx CWE-79
3.5
2019-07-24 CVE-2019-1010178 Improper Access Control vulnerability in Modx Fred 1.0.0
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648.
network
low complexity
modx CWE-284
7.5
2019-07-23 CVE-2019-1010123 Unrestricted Upload of File With Dangerous Type vulnerability in Modx Revolution
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type.
network
low complexity
modx CWE-434
5.0
2019-02-06 CVE-2018-20758 Cross-Site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
network
modx CWE-79
3.5
2019-02-06 CVE-2018-20757 Cross-Site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
network
modx CWE-79
4.3
2019-02-06 CVE-2018-20756 Cross-Site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
network
modx CWE-79
4.3
2019-02-06 CVE-2018-20755 Cross-Site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
network
modx CWE-79
4.3
2018-12-28 CVE-2018-16638 Cross-Site Scripting vulnerability in Modx Evolution CMS
Evolution CMS 1.4.x allows XSS via the manager/ search parameter.
network
modx CWE-79
3.5
2018-12-28 CVE-2018-16637 Cross-Site Scripting vulnerability in Modx Evolution CMS
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.
network
modx CWE-79
3.5
2018-09-26 CVE-2018-17556 Cross-Site Scripting vulnerability in Modx Revolution 2.6.5
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
network
modx CWE-79
3.5