Vulnerabilities > Modx > Modx Revolution > 2.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-06 | CVE-2018-20758 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 3.5 |
| 2019-02-06 | CVE-2018-20757 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | 4.3 |
| 2019-02-06 | CVE-2018-20756 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | 4.3 |
| 2019-02-06 | CVE-2018-20755 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | 4.3 |