Lucene search
K

588 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 2:43 a.m.16 views

MODX Revolution XSS via HTTP Host header

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning...

4.7CVSS5.9AI score0.00649EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:43 a.m.15 views

MODX Revolution Reflected XSS

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...

6.1CVSS5.9AI score0.00686EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:43 a.m.11 views

MODX Revolution allows overwriting .htaccess

In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess...

8.8CVSS7.7AI score0.01865EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/17 2:43 a.m.9 views

GHSA-CGRV-6H2H-6F7V MODX Revolution Directory Traversal Vulnerability

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...

7CVSS7.1AI score0.0082EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 2:43 a.m.12 views

MODX Revolution Directory Traversal Vulnerability

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...

7CVSS7.4AI score0.0082EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/17 2:27 a.m.14 views

GHSA-PHHM-6PGM-MXW9 MODX Revolution blind SQL injection

MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges...

8.8CVSS9AI score0.01109EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/17 2:27 a.m.27 views

MODX Revolution blind SQL injection

MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges...

8.8CVSS9.1AI score0.01109EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 1:36 a.m.1 views

GHSA-GM2G-65WJ-43G8 MODX Revolution allows XSS through extended user fields

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...

6.1CVSS5.9AI score0.00861EPSS
Exploits1References4
OSV
OSV
added 2022/05/14 1:36 a.m.3 views

GHSA-FPXG-5X79-43RM MODX Revolution allows XSS via document resources

MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...

6.1CVSS5.9AI score0.00861EPSS
Exploits1References5
Snyk
Snyk
added 2022/05/14 1:36 a.m.5 views

Cross-site Scripting (XSS)

Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

6.1CVSS5.5AI score0.00861EPSS
Exploits1References2
OSV
OSV
added 2022/05/14 1:36 a.m.5 views

GHSA-Q4C2-Q63G-62J7 MODX Revolution vulnerable to XSS attack through its User Photo field

MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...

6.1CVSS5.9AI score0.00861EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/14 1:36 a.m.7 views

MODX Revolution allows XSS through extended user fields

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...

6.1CVSS5.9AI score0.00861EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:36 a.m.8 views

MODX Revolution vulnerable to XSS attack through its User Photo field

MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...

6.1CVSS5.9AI score0.00861EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:36 a.m.4 views

MODX Revolution allows XSS via document resources

MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...

6.1CVSS5.9AI score0.00861EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2022/05/14 1:36 a.m.5 views

Cross-site Scripting (XSS)

Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getProfilePhoto function in the core/model/modx/moduser.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser sessio...

6.1CVSS5.5AI score0.00861EPSS
Exploits1References2
OSV
OSV
added 2022/05/13 1:48 a.m.27 views

GHSA-M899-6MH4-MPC5 MODX Revolution Incorrect Access Control vulnerability

MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...

7.2CVSS7AI score0.64088EPSS
Exploits6References6
Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.25 views

MODX Revolution Incorrect Access Control vulnerability

MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...

7.2CVSS6.9AI score0.64088EPSS
Exploits6References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:31 a.m.6 views

MODX vulnerability allows for XSS via user settings parameters

MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...

5.4CVSS5.9AI score0.00609EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/13 1:31 a.m.3 views

GHSA-VWQW-WFHV-2XCQ MODX vulnerability allows for XSS via user settings parameters

MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...

5.4CVSS5.3AI score0.00609EPSS
Exploits0References4
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

MODX Revolution code issue vulnerability

MODX Revolution is a PHP-based open source content management system CMS from the US company MODX. The system supports online collaboration, search engine optimization SEO, etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...

7.2CVSS5AI score0.09314EPSS
Exploits4References1
Rows per page
Query Builder