DATE | CVE | VULNERABILITY TITLE | RISK

2018-12-28 | CVE-2018-16637 | Cross-site Scripting vulnerability in Modx Evolution CMS | network, modx, CWE-79, 3.5
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.

2018-09-26 | CVE-2018-17556 | Cross-site Scripting vulnerability in Modx Revolution 2.6.5 | network, modx, CWE-79, 3.5
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.

2018-07-13 | CVE-2018-1000208 | Path Traversal vulnerability in Modx Revolution | network, low complexity, modx, CWE-22, 6.4
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in the removal of files.

2018-07-13 | CVE-2018-1000207 | Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution | network, low complexity, modx, CWE-732, 6.5
MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content.

2018-06-01 | CVE-2018-10382 | Cross-site Scripting vulnerability in Modx Revolution 2.6.3 | network, modx, CWE-79, 3.5
MODX Revolution 2.6.3 has XSS.

2017-11-17 | CVE-2017-1000223 | Cross-site Scripting vulnerability in Modx Revolution | network, modx, CWE-79, 3.5
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier.

2017-08-29 | CVE-2015-6588 | Cross-site Scripting vulnerability in Modx Revolution | network, modx, CWE-79, 4.3
Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

2017-07-30 | CVE-2017-11744 | Cross-site Scripting vulnerability in Modx Revolution 2.5.7 | network, modx, CWE-79, 4.3
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS.

2017-07-17 | CVE-2017-1000067 | SQL Injection vulnerability in Modx Revolution | network, low complexity, modx, CWE-89, 6.5
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method, resulting in an authenticated user accessing the database and possibly escalating privileges.

2017-05-18 | CVE-2017-9071 | Cross-site Scripting vulnerability in Modx Revolution | network, high complexity, modx, CWE-79, 2.6
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request.