MODX CMS is vulnerable to XML external entity attacks. The vulnerability exists in the ‘collectRequestParameters’ function in ‘modrestservice.class.php’ because the user input is directly parsed without proper sanitation resulting an XXE attack which leads to a leakage of sensitive information or a denial of service attack.