336 matches found
GHSA-P2J4-VRGX-96QG MODX Revolution XSS via HTTP Host header
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning...
GHSA-7HHG-XJ2H-5VQ9 MODX Revolution cross-site scripting vulnerability
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php...
MODX Revolution allows overwriting .htaccess
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess...
GHSA-23GJ-X27G-R34F MODX Revolution allows overwriting .htaccess
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess...
GHSA-VRW6-7VGJ-VJ7X MODX Revolution Reflected XSS
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...
MODX Revolution cross-site scripting vulnerability
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php...
GHSA-CGRV-6H2H-6F7V MODX Revolution Directory Traversal Vulnerability
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
MODX Revolution Directory Traversal Vulnerability
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
MODX Revolution blind SQL injection
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method, resulting in an authenticated user accessing the database and possibly escalating privileges...
GHSA-PHHM-6PGM-MXW9 MODX Revolution blind SQL injection
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method, resulting in an authenticated user accessing the database and possibly escalating privileges...
GHSA-FPXG-5X79-43RM MODX Revolution allows XSS via document resources
MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...
Cross-site Scripting (XSS)
Overview: modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getProfilePhoto function in the core/model/modx/moduser.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser sessio...
MODX Revolution allows XSS through extended user fields
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...
GHSA-Q4C2-Q63G-62J7 MODX Revolution vulnerable to XSS attack through its User Photo field
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
Cross-site Scripting (XSS)
Overview: modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...
GHSA-GM2G-65WJ-43G8 MODX Revolution allows XSS through extended user fields
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...
MODX Revolution vulnerable to XSS attack through its User Photo field
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
MODX Revolution allows XSS via document resources
MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...
GHSA-M899-6MH4-MPC5 MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in the filtering of user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appea...
MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in the filtering of user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appea...