336 matches found
Cross-site Scripting (XSS)
modx/revolution is vulnerable to cross-site scripting (XSS). The attack is possible because it does not sanitize the user photo field, allowing an attacker to inject malicious script through it...
Cross-Site Scripting (XSS)
modx/revolution is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via a document resource such as pagetitle through the update or quick edit action. The JavaScript is executed when viewing manager logs...
Cross-site Scripting (XSS)
modx/revolution is vulnerable to cross-site scripting (XSS). The vulnerability exists through an extended user field such as Container name or Attribute name, allowing XSS attacks...
Design/Logic Flaw
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
CVE-2018-20758
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name...
CVE-2018-20756
MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...
Design/Logic Flaw
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...
Design/Logic Flaw
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name...
Cross site scripting
MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...
CVE-2018-20755
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name...
CVE-2018-20758
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...
CVE-2018-20755
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
CVE-2018-20756
MODX Revolution (through v2.7.0-pl) is affected by a cross-site scripting (XSS) vulnerability via a document resource (e.g., pagetitle) that is mishandled during Update or Quick Edit actions, or when viewing manager logs. The issue is documented across multiple sources (NVD and related advisories...
CVE-2018-20755
MODX Revolution (through v2.7.0-pl) is vulnerable to Cross-site Scripting (XSS) via the User Photo field. The root cause is improper handling of input in the user photo workflow (e.g., getProfilePhoto-related path) that allows injected scripts to be rendered in a user’s browser context. Exploitat...
CVE-2018-20756
MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...
CVE-2018-20758
MODX Revolution