EUVD-2007-0657

Malware in sbrugna...

EUVD-2025-6306

Malicious code in bioql PyPI...

CVE-2008-5941

Cross-site request forgery CSRF vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors...

CVE-2025-28010

A cross-site scripting XSS vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...

CVE-2025-28010

MODX prior to 3.1.0 is affected by an XSS flaw where authenticated users can upload SVG profile images containing JavaScript, which executes when viewed. Root cause: insufficient validation/sanitization of SVG uploads. Affected product: MODX (MODX Revolution) up to version 3.0.x/pre-3.1.0. Impact...

GHSA-VWQW-WFHV-2XCQ MODX vulnerability allows for XSS via user settings parameters

MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...

ModX 2.2.0 - Multiple Vulnerabilities

No description provided by source. Exploit Title: Modx 2.2.0 LFI and Full Path Disclosure Google Dork: if relevant we will automatically add these to the GHDB Date: 13/03/2012 Author: n0tch aka andmuchmore Software Link: http://modx.com/download/ Version: 2.2.0 Tested on: Windows XP/ Windows 7 /...

MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure

source: https://www.securityfocus.com/bid/27096/info MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable syst...