Known Vulnerabilities for products from Modx
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Modx".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-26149 json | MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executa... | 7.2 - HIGH | 2022-02-26 | 2023-03-27 |
| CVE-2020-25911 json | A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can l... | 9.1 - CRITICAL | 2021-10-31 | 2021-11-02 |
| CVE-2019-1010178 json | Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. ... | 9.8 - CRITICAL | 2019-07-24 | 2020-09-30 |
| CVE-2019-1010123 json | MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creati... | 7.5 - HIGH | 2019-07-23 | 2019-10-09 |
| CVE-2019-14518 json | ** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor sta... | 5.4 - MEDIUM | 2019-08-15 | 2023-11-07 |
| CVE-2018-1000208 json | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php ... | 7.5 - HIGH | 2018-07-13 | 2018-09-07 |
| CVE-2018-1000207 json | MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing... | 7.2 - HIGH | 2018-07-13 | 2019-10-03 |
| CVE-2018-20758 json | MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 5.4 - MEDIUM | 2019-02-06 | 2019-10-23 |
| CVE-2018-20757 json | MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | 6.1 - MEDIUM | 2019-02-06 | 2019-02-06 |
| CVE-2018-20756 json | MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Updat... | 6.1 - MEDIUM | 2019-02-06 | 2019-02-06 |
| CVE-2018-20755 json | MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | 6.1 - MEDIUM | 2019-02-06 | 2019-02-06 |
| CVE-2018-17556 json | MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | 5.4 - MEDIUM | 2018-09-26 | 2018-11-15 |
| CVE-2018-16638 json | Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | 5.4 - MEDIUM | 2018-12-28 | 2019-02-26 |
| CVE-2018-16637 json | Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | 5.4 - MEDIUM | 2018-12-28 | 2019-02-26 |
| CVE-2018-10382 json | MODX Revolution 2.6.3 has XSS. | 5.4 - MEDIUM | 2018-06-01 | 2018-06-27 |
| CVE-2017-1000223 json | A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An... | Not Provided | 2017-11-17 | 2025-04-20 |
| CVE-2017-1000067 json | MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method... | Not Provided | 2017-07-17 | 2025-04-20 |
| CVE-2017-11744 json | In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious pa... | Not Provided | 2017-07-30 | 2025-04-20 |
| CVE-2017-9071 json | In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of... | Not Provided | 2017-05-18 | 2025-04-20 |
| CVE-2017-9070 json | In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post v... | Not Provided | 2017-05-18 | 2025-04-20 |
Known software with vulnerabilities from Modx
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Modx | Evolution Cms | 1.3.0 |
| Application | Modx | Fred | 1.0.0 |
| Application | Modx | Modx Revolution | 1.5.1 |
| Application | Modx | Revolution | 2.0.0 |