Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revolution vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-1953
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution prior to 0.8.0c-2 allow remote malicious users to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) ...
Postrev Post Revolution 0.7.0
Postrev Post Revolution
Postrev Post Revolution 0.8.0b
Postrev Post Revolution 0.8.0
Postrev Post Revolution 0.6.4
Postrev Post Revolution 0.6.3
Postrev Post Revolution 0.6.2
Postrev Post Revolution 0.6.6
Postrev Post Revolution 0.6.5
4.3
CVSSv2
CVE-2018-20755
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
Modx Modx Revolution 2.7.0
Modx Modx Revolution
4.3
CVSSv2
CVE-2018-20756
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
Modx Modx Revolution
Modx Modx Revolution 2.7.0
4.3
CVSSv2
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
Modx Modx Revolution
Modx Modx Revolution 2.7.0
5.4
CVSSv2
CVE-2014-7632
The news revolution - bahrain (aka com.news.revolution.BH) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
News Revolution - Bahrain Project News Revolution - Bahrain 3.2
6.5
CVSSv2
CVE-2022-26149
MODX Revolution up to and including 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
Modx Revolution
7.5
CVSSv2
CVE-2015-1400
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote malicious users to execute arbitrary SQL commands via the query parameter.
Npds Revolution 13.0
1 EDB exploit
7.5
CVSSv2
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Modx Modx Revolution
6.8
CVSSv2
CVE-2017-7322
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions do not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code via a crafted cert...
Modx Modx Revolution
6.8
CVSSv2
CVE-2017-7323
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions use http://rest.modx.com by default, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HT...
Modx Modx Revolution
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »