Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revolution vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-1010123
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web ...
Modx Modx Revolution
6.1
CVSSv3
CVE-2018-20755
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
Modx Modx Revolution 2.7.0
Modx Modx Revolution
6.1
CVSSv3
CVE-2018-20756
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
Modx Modx Revolution
Modx Modx Revolution 2.7.0
6.1
CVSSv3
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
Modx Modx Revolution
Modx Modx Revolution 2.7.0
5.4
CVSSv3
CVE-2018-20758
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
Modx Modx Revolution
5.4
CVSSv3
CVE-2018-17556
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
Modx Modx Revolution 2.6.5
7.5
CVSSv3
CVE-2018-1000208
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have b...
Modx Modx Revolution
7.2
CVSSv3
CVE-2018-1000207
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. Thi...
Modx Modx Revolution
5.4
CVSSv3
CVE-2018-10382
MODX Revolution 2.6.3 has XSS.
Modx Modx Revolution 2.6.3
5.4
CVSSv3
CVE-2017-1000223
A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and previous versions. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims...
Modx Modx Revolution
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »