Modx Revolution Security Vulnerabilities and Issues — Modx Revolution CVE List

Lucene search

ModxModx Revolution

5 matches found

CVE•added 2019/02/06 5:29 p.m.•44 views

CVE-2018-20757

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.

6.1CVSS5.6AI score0.0024EPSS

CVE•added 2019/07/23 1:15 p.m.•42 views

CVE-2019-1010123

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets...

7.5CVSS7.5AI score0.0021EPSS

CVE•added 2019/02/06 5:29 p.m.•40 views

CVE-2018-20756

MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.

6.1CVSS5.6AI score0.0024EPSS

CVE•added 2019/02/06 5:29 p.m.•39 views

CVE-2018-20755

MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.

6.1CVSS5.6AI score0.0024EPSS

CVE•added 2019/02/06 5:29 p.m.•35 views

CVE-2018-20758

MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.

5.4CVSS5.2AI score0.00206EPSS