588 matches found
MODX Revolution XSS via HTTP Host header
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning...
MODX Revolution Reflected XSS
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...
MODX Revolution allows overwriting .htaccess
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess...
GHSA-CGRV-6H2H-6F7V MODX Revolution Directory Traversal Vulnerability
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
MODX Revolution Directory Traversal Vulnerability
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
GHSA-PHHM-6PGM-MXW9 MODX Revolution blind SQL injection
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges...
MODX Revolution blind SQL injection
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges...
GHSA-GM2G-65WJ-43G8 MODX Revolution allows XSS through extended user fields
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...
GHSA-FPXG-5X79-43RM MODX Revolution allows XSS via document resources
MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...
Cross-site Scripting (XSS)
Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...
GHSA-Q4C2-Q63G-62J7 MODX Revolution vulnerable to XSS attack through its User Photo field
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
MODX Revolution allows XSS through extended user fields
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...
MODX Revolution vulnerable to XSS attack through its User Photo field
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field...
MODX Revolution allows XSS via document resources
MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...
Cross-site Scripting (XSS)
Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getProfilePhoto function in the core/model/modx/moduser.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser sessio...
GHSA-M899-6MH4-MPC5 MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...
MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...
MODX vulnerability allows for XSS via user settings parameters
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...
GHSA-VWQW-WFHV-2XCQ MODX vulnerability allows for XSS via user settings parameters
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description...
MODX Revolution code issue vulnerability
MODX Revolution is a PHP-based open source content management system CMS from the US company MODX. The system supports online collaboration, search engine optimization SEO, etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...