Lucene search

MODX Revolution Security Vulnerabilities

cve

CVE-2014-5451

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression.

5.6AI Score

0.025EPSS

2014-11-06 06:55 PM

cve

CVE-2018-17556

MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.

5.4CVSS

5.1AI Score

0.0005EPSS

2022-10-03 04:22 PM

cve

CVE-2018-20755

MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.

6.1CVSS

5.6AI Score

0.001EPSS

2019-02-06 05:29 PM

cve

CVE-2018-20756

MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.

6.1CVSS

5.6AI Score

0.001EPSS

2019-02-06 05:29 PM

cve

CVE-2018-20757

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.

6.1CVSS

5.6AI Score

0.001EPSS

2019-02-06 05:29 PM