Modx Revolution@2.2.10 Security Vulnerabilities and Issues — Modx Revolution@2.2.10 CVE List

Lucene search

ModxModx Revolution2.2.10

5 matches found

CVE•added 2014/12/03 6:59 p.m.•45 views

CVE-2014-8773

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

6.8CVSS7.1AI score0.00361EPSS

CVE•added 2014/12/03 6:59 p.m.•43 views

CVE-2014-8774

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

4.3CVSS5.9AI score0.00453EPSS

CVE•added 2014/04/24 2:55 p.m.•39 views

CVE-2014-2736

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message....

7.5CVSS8.3AI score0.00517EPSS

CVE•added 2014/03/11 7:37 p.m.•37 views

CVE-2014-2311

SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.7AI score0.00413EPSS

CVE•added 2014/12/03 6:59 p.m.•33 views

CVE-2014-8775

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5CVSS6.3AI score0.05972EPSS