CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1426
https://notcve.org/view.php?id=CVE-2010-1426
15 Apr 2010 — SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin. Vulnerabilidad de inyección SQL en MODx Evolution anterior a 1.0.3, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores desconocidos relacionados con WebLogin. • http://jvn.jp/en/jp/JVN19774883/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2008-7242 – MODx 0.9.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-7242
17 Sep 2009 — Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sit... • https://www.exploit-db.com/exploits/31120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2008-7243
https://notcve.org/view.php?id=CVE-2008-7243
17 Sep 2009 — Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la pagina 34 en MODx CMS v0.9.6.1 y v0.9.6.1p1 permite a atacantes remotos secuestrar la autenticación de otros usuarios para la... • http://secunia.com/advisories/28840 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 2CVE-2008-5938 – MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5938
22 Jan 2009 — PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. Vulnerabilidad de inclusión remota de archivos en PHP en assets/snippets/reflect/snippet.reflect.php en MODx CMS v0.9.6.2 y versiones anteriores, cuando magic_quotes_gpc no está activo, permite a atacantes remotos ejecutar código PHP de su elección a través de u... • https://www.exploit-db.com/exploits/7204 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 3%CPEs: 7EXPL: 2CVE-2008-5939 – MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5939
22 Jan 2009 — Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en MODx CMS 0.9.6.2 y anteriores permite a atacantes remotos inyectar secu... • https://www.exploit-db.com/exploits/7204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5940
https://notcve.org/view.php?id=CVE-2008-5940
22 Jan 2009 — SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en index.php en MODx v0.9.6.2 y versiones anteriores, cuando magic_quotes_gpc no está activo, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "searchid". NOTA: algunos de estos d... • http://jvn.jp/en/jp/JVN72630020/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-5941
https://notcve.org/view.php?id=CVE-2008-5941
22 Jan 2009 — Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en MODx 0.9.6.1p2 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://jvn.jp/en/jp/JVN66828183/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5942
https://notcve.org/view.php?id=CVE-2008-5942
22 Jan 2009 — Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MODx anterior a v0.9.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con (1) la función pre... • http://jvn.jp/en/jp/JVN10170564/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 9%CPEs: 1EXPL: 4CVE-2008-0094 – MODx 0.9.6.1 - 'AjaxSearch.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-0094
08 Jan 2008 — Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. Múltiples vulnerabilidades de salto de directorio en MODx Content Management System 0.9.6.1 permiten a atacantes remotos (1) ... • https://www.exploit-db.com/exploits/30969 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •