Lucene search
K

588 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1069

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.09314EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.9 views

CVE-2020-25911

A XML External Entity XXE vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service DOS...

9.1CVSS6.7AI score0.02308EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:49 a.m.8 views

CVE-2017-11744

In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module...

6.1CVSS6.8AI score0.00602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.9 views

CVE-2017-20155

A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal...

6.1CVSS6.3AI score0.00607EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.16 views

CVE-2019-1010123

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via...

7.5CVSS7AI score0.01188EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 a.m.7 views

CVE-2018-17556

MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action...

5.4CVSS5.6AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:43 a.m.9 views

CVE-2019-1010178

Fred MODX Revolution 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is:...

9.8CVSS7.4AI score0.04585EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 a.m.11 views

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...

6.1CVSS6AI score0.00686EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:55 a.m.6 views

CVE-2017-9069

In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess...

8.8CVSS7.8AI score0.01865EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:54 a.m.7 views

CVE-2017-9067

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...

7CVSS7.2AI score0.0082EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:33 a.m.10 views

CVE-2017-9070

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php...

5.4CVSS6AI score0.00563EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:36 a.m.11 views

CVE-2017-9071

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning...

4.7CVSS5.9AI score0.00649EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:23 a.m.7 views

CVE-2017-8115

Directory traversal in setup/processors/urlsearch.php aka the search page of an unused processor in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information...

5.3CVSS7AI score0.02676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.8 views

CVE-2017-1000223

A stored web content injection vulnerability WCI, a.k.a XSS is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an...

5.4CVSS7.1AI score0.00498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:47 p.m.7 views

CVE-2008-5941

Cross-site request forgery CSRF vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors...

6CVSS7.1AI score0.00479EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/20 7:43 a.m.22 views

Cross-site Scripting (XSS)

modx/revolution is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper file validation due to authenticated users being able to upload SVG files containing malicious JavaScript, which executes in victims' browsers when viewing the profile image...

5.4CVSS6AI score0.00234EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/15 8:12 a.m.17 views

CVE-2025-28010

A cross-site scripting XSS vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...

5.4CVSS5.5AI score0.00234EPSS
Exploits1References1
OSV
OSV
added 2025/03/13 6:32 p.m.6 views

GHSA-HM54-FG2W-2G6J MODX allows cross-site scripting (XSS) via an SVG file

A cross-site scripting XSS vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...

5.4CVSS5.5AI score0.00234EPSS
Exploits1References3
Snyk
Snyk
added 2025/03/13 6:32 p.m.5 views

Cross-site Scripting (XSS)

Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of user-uploaded SVG files in the profile image upload feature. Authenticated users can upload SVG files containing malicious JavaScri...

6.4CVSS5.4AI score0.00234EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/03/13 6:32 p.m.16 views

MODX allows cross-site scripting (XSS) via an SVG file

A cross-site scripting XSS vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...

5.4CVSS5.5AI score0.00234EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder