Known Vulnerabilities for products from Modx

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Modx".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-26149 json MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executa... 7.2 - HIGH 2022-02-26 2023-03-27
CVE-2020-25911 json A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can l... 9.1 - CRITICAL 2021-10-31 2021-11-02
CVE-2019-1010178 json Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. ... 9.8 - CRITICAL 2019-07-24 2020-09-30
CVE-2019-1010123 json MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creati... 7.5 - HIGH 2019-07-23 2019-10-09
CVE-2019-14518 json ** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor sta... 5.4 - MEDIUM 2019-08-15 2023-11-07
CVE-2018-1000208 json MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php ... 7.5 - HIGH 2018-07-13 2018-09-07
CVE-2018-1000207 json MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing... 7.2 - HIGH 2018-07-13 2019-10-03
CVE-2018-20758 json MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. 5.4 - MEDIUM 2019-02-06 2019-10-23
CVE-2018-20757 json MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. 6.1 - MEDIUM 2019-02-06 2019-02-06
CVE-2018-20756 json MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Updat... 6.1 - MEDIUM 2019-02-06 2019-02-06
CVE-2018-20755 json MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. 6.1 - MEDIUM 2019-02-06 2019-02-06
CVE-2018-17556 json MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. 5.4 - MEDIUM 2018-09-26 2018-11-15
CVE-2018-16638 json Evolution CMS 1.4.x allows XSS via the manager/ search parameter. 5.4 - MEDIUM 2018-12-28 2019-02-26
CVE-2018-16637 json Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. 5.4 - MEDIUM 2018-12-28 2019-02-26
CVE-2018-10382 json MODX Revolution 2.6.3 has XSS. 5.4 - MEDIUM 2018-06-01 2018-06-27
CVE-2017-1000223 json A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An... Not Provided 2017-11-17 2025-04-20
CVE-2017-1000067 json MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method... Not Provided 2017-07-17 2025-04-20
CVE-2017-11744 json In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious pa... Not Provided 2017-07-30 2025-04-20
CVE-2017-9071 json In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of... Not Provided 2017-05-18 2025-04-20
CVE-2017-9070 json In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post v... Not Provided 2017-05-18 2025-04-20
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Modx

Type Vendor Product Version
ApplicationModxEvolution Cms1.3.0
ApplicationModxFred1.0.0
ApplicationModxModx Revolution1.5.1
ApplicationModxRevolution2.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report