Modx / Modx Revolution

7 matches found

CVE
added 2018/06/01 5:29 p.m. | 45 views

CVE-2018-10382

MODX Revolution 2.6.3 has XSS.

CVSS 5.4 | AI score 5.5 | EPSS 0.00206

CVE
added 2017/11/17 5:29 a.m. | 40 views

CVE-2017-1000223

A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an...

CVSS 5.4 | AI score 5.7 | EPSS 0.00256

CVE
added 2017/04/25 7:59 p.m. | 40 views

CVE-2017-8115

Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.

CVSS 5.3 | AI score 5.2 | EPSS 0.00144

CVE
added 2017/05/18 4:29 p.m. | 37 views

CVE-2017-9070

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

CVSS 5.4 | AI score 5.6 | EPSS 0.00217

CVE
added 2019/02/06 5:29 p.m. | 35 views

CVE-2018-20758

MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.

CVSS 5.4 | AI score 5.2 | EPSS 0.00206

CVE
added 2018/09/26 8:29 p.m. | 34 views

CVE-2018-17556

MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.

CVSS 5.4 | AI score 5.1 | EPSS 0.00191

CVE
added 2014/12/03 6:59 p.m. | 33 views

CVE-2014-8775

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVSS 5 | AI score 6.3 | EPSS 0.05972