Vulnerabilities > Modx > Modx Revolution > 1.9.0

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-1010123 Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type.
network
low complexity
modx CWE-434
5.0
2019-02-06 CVE-2018-20758 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
network
modx CWE-79
3.5
2019-02-06 CVE-2018-20757 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
network
modx CWE-79
4.3
2019-02-06 CVE-2018-20756 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
network
modx CWE-79
4.3
2019-02-06 CVE-2018-20755 Cross-site Scripting vulnerability in Modx Revolution
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
network
modx CWE-79
4.3
2018-07-13 CVE-2018-1000208 Path Traversal vulnerability in Modx Revolution
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files.
network
low complexity
modx CWE-22
6.4
2018-07-13 CVE-2018-1000207 Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content.
network
low complexity
modx CWE-732
6.5
2017-11-17 CVE-2017-1000223 Cross-site Scripting vulnerability in Modx Revolution
A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier.
network
modx CWE-79
3.5
2017-08-29 CVE-2015-6588 Cross-site Scripting vulnerability in Modx Revolution
Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
network
modx CWE-79
4.3
2017-05-18 CVE-2017-9071 Cross-site Scripting vulnerability in Modx Revolution
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request.
network
high complexity
modx CWE-79
2.6