Vulnerabilities > Modx

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-28	CVE-2018-16637	Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. network low complexity modx CWE-79	5.4
2018-09-26	CVE-2018-17556	Cross-site Scripting vulnerability in Modx Revolution 2.6.5 MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. network low complexity modx CWE-79	5.4
2018-07-13	CVE-2018-1000208	Path Traversal vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. network low complexity modx CWE-22	7.5
2018-07-13	CVE-2018-1000207	Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. network low complexity modx CWE-732	7.2
2018-06-01	CVE-2018-10382	Cross-site Scripting vulnerability in Modx Revolution 2.6.3 MODX Revolution 2.6.3 has XSS. network low complexity modx CWE-79	5.4
2017-11-17	CVE-2017-1000223	Cross-site Scripting vulnerability in Modx Revolution A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. network low complexity modx CWE-79	5.4
2017-08-29	CVE-2015-6588	Cross-site Scripting vulnerability in Modx Revolution Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. network low complexity modx CWE-79	6.1
2017-07-30	CVE-2017-11744	Cross-site Scripting vulnerability in Modx Revolution 2.5.7 In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. network low complexity modx CWE-79	6.1
2017-07-17	CVE-2017-1000067	SQL Injection vulnerability in Modx Revolution MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. network low complexity modx CWE-89	8.8
2017-05-18	CVE-2017-9071	Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. network high complexity modx CWE-79	4.7

Vulnerabilities > Modx {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Modx"}]}

Vulnerabilities > Modx