4 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427. Vulnerabilidad de salto de directorio en MODx Evolution v1.0.4 y anteriores permite a atacantes remotos leer archivos de su elección a través de vectores no especificados relacionados con ajaxsearch, una vulnerabilidad diferente de CVE-2010-1427. • http://jvn.jp/en/jp/JVN95385972/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000009.html http://modxcms.com/forums/index.php/topic%2C60045.0.html http://osvdb.org/70772 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor. Ejecución de secuencias de comandos en sitios cruzados (XSS) en modx Evolución anterior a v1.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del instalador (1) o (2) editor de imagen. • http://modxcms.com/forums/index.php/topic%2C60045.0.html http://www.securityfocus.com/bid/46154 https://exchange.xforce.ibmcloud.com/vulnerabilities/65164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. Vulnerabilidad de inyección SQL en MODx Evolution v1.0.4 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de vectores desconocidos relacionados con ajaxsearch. • http://jvn.jp/en/jp/JVN54092716/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000008.html http://modxcms.com/forums/index.php/topic%2C60045.0.html http://osvdb.org/70771 https://exchange.xforce.ibmcloud.com/vulnerabilities/65082 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin SearchHighlight en MODx Evolution anterior v1.0.3 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores desconocidos relacionados con AjaxSearch. • http://jvn.jp/en/jp/JVN46669729/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000013.html http://modxcms.com/forums/index.php/topic%2C47759.msg280304.html#msg280304 http://secunia.com/advisories/39298 https://exchange.xforce.ibmcloud.com/vulnerabilities/57635 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •