Vulnerabilities > Modxcms

DATE CVE VULNERABILITY TITLE RISK
2011-02-02 CVE-2011-0741 Cross-Site Scripting vulnerability in Modxcms Evolution
Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.
network
modxcms CWE-79
4.3
2011-02-02 CVE-2010-3930 Path Traversal vulnerability in Modxcms Evolution
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.
network
low complexity
modxcms CWE-22
5.0
2011-02-02 CVE-2010-3929 SQL Injection vulnerability in Modxcms Evolution
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
network
low complexity
modxcms CWE-89
7.5
2010-04-15 CVE-2010-1427 Cross-Site Scripting vulnerability in Modxcms Evolution
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.
network
modxcms CWE-79
4.3
2010-04-15 CVE-2010-1426 SQL Injection vulnerability in Modxcms
SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.
network
low complexity
modxcms CWE-89
7.5
2009-09-17 CVE-2008-7243 Cross-Site Request Forgery (CSRF) vulnerability in Modxcms 0.9.6.1
Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php.
network
modxcms CWE-352
6.8
2009-09-17 CVE-2008-7242 Cross-Site Scripting vulnerability in Modxcms 0.9.6.1
Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.
network
modxcms CWE-79
4.3
2009-01-22 CVE-2008-5942 Cross-Site Scripting vulnerability in Modxcms
Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.
network
modxcms CWE-79
4.3
2009-01-22 CVE-2008-5941 Cross-Site Request Forgery (CSRF) vulnerability in Modxcms
Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
network
modxcms CWE-352
6.0
2009-01-22 CVE-2008-5940 SQL Injection vulnerability in Modxcms
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter.
network
modxcms CWE-89
6.8