CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25911
https://notcve.org/view.php?id=CVE-2020-25911
31 Oct 2021 — A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS). Se detectó una vulnerabilidad de entidad externa XML (XXE) en el componente modRestServiceRequest en MODX CMS versión 2.7.3, que puede conllevar a una divulgación de información o denegación de servicio (DOS) • https://github.com/dahua966/Vul_disclose/blob/main/XXE_modxcms.md • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010123
https://notcve.org/view.php?id=CVE-2019-1010123
23 Jul 2019 — MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php. MODX Revolution Gallery versión 1.7.0, está afectado por: CWE-434: Carga sin Restricciones de Archivos con Tipos Peligrosos. • https://modx.pro/security/15912#comment-99640 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20755
https://notcve.org/view.php?id=CVE-2018-20755
06 Feb 2019 — MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. MODX Revolution, hasta la versión v2.7.0-pl, permite Cross-Site Scripting (XSS) mediante el campo User Photo. • https://github.com/modxcms/revolution/issues/14102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20756
https://notcve.org/view.php?id=CVE-2018-20756
06 Feb 2019 — MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. MODX Revolution, hasta la versión v2.7.0-pl, permite Cross-Site Scripting (XSS) mediante un recurso de documento (como un pagetitle), que se gestiona de manera incorrecta durante una acción Update, Quick Edit, o durante la visualización de los registros de administración. • https://github.com/modxcms/revolution/issues/14105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20757
https://notcve.org/view.php?id=CVE-2018-20757
06 Feb 2019 — MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. MODX Revolution, hasta la versión v2.7.0-pl, permite Cross-Site Scripting (XSS) mediante un campo de usuario extendido, como los nombres de Container o Attribute. • https://github.com/modxcms/revolution/issues/14104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20758
https://notcve.org/view.php?id=CVE-2018-20758
06 Feb 2019 — MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. MODX Revolution, hasta la versión v2.7.0-pl, permite Cross-Site Scripting (XSS) mediante las opciones de usuario como "Description". • https://github.com/modxcms/revolution/issues/14103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17556
https://notcve.org/view.php?id=CVE-2018-17556
26 Sep 2018 — MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. MODX Revolution v2.6.5-pl permite Cross-Site Scripting (XSS) persistente mediante una acción Create New Media Source. • https://github.com/modxcms/revolution/issues/14094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 4%CPEs: 1EXPL: 3CVE-2018-1000207 – Modx Revolution Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-1000207
13 Jul 2018 — MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68. MODX Revolution en versiones iguales o anteriores a la 2.6.4 contiene una vulnerabilidad de control de acceso incorrecto en el filtrado de p... • https://packetstorm.news/files/id/148597 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000208
https://notcve.org/view.php?id=CVE-2018-1000208
13 Jul 2018 — MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. MODX Revolution en versiones iguales o anteriores a la 2.6.4 contiene una vulnerabilidad de salto de directorio en /core/model/modx/modmanagerrequest.class.php que puede resultar en la eliminación de archivos. ... • https://github.com/modxcms/revolution/pull/13980 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10382
https://notcve.org/view.php?id=CVE-2018-10382
01 Jun 2018 — MODX Revolution 2.6.3 has XSS. MODX Revolution 2.6.3 tiene Cross-Site Scripting (XSS). • https://github.com/modxcms/revolution/pull/13887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •