Known Vulnerabilities for Modx Revolution by Modx
Listed below are 10 of the newest known vulnerabilities associated with "Modx Revolution" by "Modx".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-25911 json | A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can l... | 9.1 - CRITICAL | 2021-10-31 | 2021-11-02 |
| CVE-2019-1010123 json | MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creati... | 7.5 - HIGH | 2019-07-23 | 2019-10-09 |
| CVE-2018-1000208 json | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php ... | 7.5 - HIGH | 2018-07-13 | 2018-09-07 |
| CVE-2018-1000207 json | MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing... | 7.2 - HIGH | 2018-07-13 | 2019-10-03 |
| CVE-2018-20758 json | MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 5.4 - MEDIUM | 2019-02-06 | 2019-10-23 |
| CVE-2018-20757 json | MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | 6.1 - MEDIUM | 2019-02-06 | 2019-02-06 |
| CVE-2018-20756 json | MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Updat... | 6.1 - MEDIUM | 2019-02-06 | 2019-02-06 |
| CVE-2018-20755 json | MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | 6.1 - MEDIUM | 2019-02-06 | 2019-02-06 |
| CVE-2018-17556 json | MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | 5.4 - MEDIUM | 2018-09-26 | 2018-11-15 |
| CVE-2018-10382 json | MODX Revolution 2.6.3 has XSS. | 5.4 - MEDIUM | 2018-06-01 | 2018-06-27 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Modx | Modx Revolution | 2.7.2 | |||
| Application | Modx | Modx Revolution | 2.7.1 | |||
| Application | Modx | Modx Revolution | 2.7.0 | |||
| Application | Modx | Modx Revolution | 2.6.5 | |||
| Application | Modx | Modx Revolution | 2.6.4 | |||
| Application | Modx | Modx Revolution | 2.6.3 | |||
| Application | Modx | Modx Revolution | 2.6.2 | |||
| Application | Modx | Modx Revolution | 2.6.1 | |||
| Application | Modx | Modx Revolution | 2.6.0 | |||
| Application | Modx | Modx Revolution | 2.5.8 | |||
| Application | Modx | Modx Revolution | 2.5.7 | |||
| Application | Modx | Modx Revolution | 2.5.6 | |||
| Application | Modx | Modx Revolution | 2.5.5 | |||
| Application | Modx | Modx Revolution | 2.5.4 | |||
| Application | Modx | Modx Revolution | 2.5.3 | |||
| Application | Modx | Modx Revolution | 2.5.2 | |||
| Application | Modx | Modx Revolution | 2.5.1 | |||
| Application | Modx | Modx Revolution | 2.5.0 | |||
| Application | Modx | Modx Revolution | 2.5.0 | |||
| Application | Modx | Modx Revolution | 2.5.0 |