Lucene search

6 matches found

CVE
added 2019/02/06 5:29 p.m., 44 views

CVE-2018-20757

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.

CVSS 6.1 | AI score 5.6 | EPSS 0.0024

CVE
added 2017/05/18 4:29 p.m., 40 views

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.

CVSS 6.1 | AI score 6.2 | EPSS 0.0024

CVE
added 2019/02/06 5:29 p.m., 40 views

CVE-2018-20756

MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.

CVSS 6.1 | AI score 5.6 | EPSS 0.0024

CVE
added 2019/02/06 5:29 p.m., 39 views

CVE-2018-20755

MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.

CVSS 6.1 | AI score 5.6 | EPSS 0.0024

CVE
added 2017/03/30 7:59 a.m., 38 views

CVE-2017-7320

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resulta...

CVSS 6.1 | AI score 6.4 | EPSS 0.0031
Web

CVE
added 2017/08/29 3:29 p.m., 34 views

CVE-2015-6588

Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVSS 6.1 | AI score 6 | EPSS 0.00196
Web