Vulnerabilities > Modx > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-06 | CVE-2018-20758 | Cross-site Scripting vulnerability in Modx Revolution MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 3.5 |
| 2018-12-28 | CVE-2018-16637 | Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | 3.5 |
| 2018-12-28 | CVE-2018-16638 | Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | 3.5 |
| 2018-09-26 | CVE-2018-17556 | Cross-site Scripting vulnerability in Modx Revolution 2.6.5 MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | 3.5 |
| 2018-06-01 | CVE-2018-10382 | Cross-site Scripting vulnerability in Modx Revolution 2.6.3 MODX Revolution 2.6.3 has XSS. | 3.5 |
| 2017-11-17 | CVE-2017-1000223 | Cross-site Scripting vulnerability in Modx Revolution A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. | 3.5 |
| 2017-05-18 | CVE-2017-9070 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | 3.5 |
| 2017-05-18 | CVE-2017-9071 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. | 2.6 |