Vulmon
modx vulnerabilities and exploits
5
CVSSv2
CVE-2019-1010123
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating a file with a custom filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web ...
Modx Modx Revolution
4.3
CVSSv2
CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and previous versions does not properly constrain the language parameter, which allows remote malicious users to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Resp...
Modx Modx Revolution
6.5
CVSSv2
CVE-2018-1000207
MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating a file with a custom filename and content. This attack appears to be exploitable via Web request. Thi...
Modx Modx Revolution
6.4
CVSSv2
CVE-2018-1000208
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in removing files. This attack appears to be exploitable via web request via security/login processor. This vulnerability appears to have b...
Modx Modx Revolution
4.3
CVSSv2
CVE-2015-6588
Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution prior to 1.9.1 allows remote malicious users to inject arbitrary web script or HTML via the QUERY_STRING.
Modx Modx Revolution
6.8
CVSSv2
CVE-2017-7322
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions do not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code via a crafted cert...
Modx Modx Revolution
3.5
CVSSv2
CVE-2018-20758
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
Modx Modx Revolution
6.5
CVSSv2
CVE-2017-9069
In MODX Revolution prior to 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
Modx Modx Revolution
3.5
CVSSv2
CVE-2017-9070
In MODX Revolution prior to 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.
Modx Modx Revolution
2.6
CVSSv2
CVE-2017-9071
In MODX Revolution prior to 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
Modx Modx Revolution