Vulnerabilities > Modx
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-28 | CVE-2018-16637 | Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | 5.4 |
2018-09-26 | CVE-2018-17556 | Cross-site Scripting vulnerability in Modx Revolution 2.6.5 MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | 5.4 |
2018-07-13 | CVE-2018-1000208 | Path Traversal vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. | 7.5 |
2018-07-13 | CVE-2018-1000207 | Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. | 7.2 |
2018-06-01 | CVE-2018-10382 | Cross-site Scripting vulnerability in Modx Revolution 2.6.3 MODX Revolution 2.6.3 has XSS. | 5.4 |
2017-11-17 | CVE-2017-1000223 | Cross-site Scripting vulnerability in Modx Revolution A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. | 5.4 |
2017-08-29 | CVE-2015-6588 | Cross-site Scripting vulnerability in Modx Revolution Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | 6.1 |
2017-07-30 | CVE-2017-11744 | Cross-site Scripting vulnerability in Modx Revolution 2.5.7 In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. | 6.1 |
2017-07-17 | CVE-2017-1000067 | SQL Injection vulnerability in Modx Revolution MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | 8.8 |
2017-05-18 | CVE-2017-9071 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. | 4.7 |