CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2014-2311
https://notcve.org/view.php?id=CVE-2014-2311
11 Mar 2014 — SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en modx.class.php en MODX Revolution 2.0.0 anterior a 2.2.13 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 1CVE-2014-2080
https://notcve.org/view.php?id=CVE-2014-2080
28 Feb 2014 — Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter. Vulnerabilidad de XSS en manager/templates/default/header.tpl en ModX Revolution en versiones anteriores a 2.2.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro "a". • http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 23%CPEs: 1EXPL: 1CVE-2010-5278 – MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-5278
07 Oct 2012 — Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en manager/controllers/default/resource/tvs.php n MODx Revolution v2.0.2-pl, y posiblemente anteriores, cuando está deshabilitado magic_quot... • https://www.exploit-db.com/exploits/34788 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 4CVE-2010-4883 – MODx 2.0.2-pl - '/manager/index.php?modahsh' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4883
07 Oct 2011 — Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manager/index.php en MODx Revolution v2.0.2-pl, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro modhash. • https://www.exploit-db.com/exploits/34787 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •