modx/revolution Security Advisories (10)
-
[LOW] MODX allows cross-site scripting (XSS) via an SVG file
PKSA-xzqv-w6dn-tnz5 CVE-2025-28010 GHSA-hm54-fg2w-2g6j
Affected version: <=3.1.0
Reported by:
GitHub -
[MEDIUM] MODX Revolution Reflected XSS
PKSA-3f47-8ppn-z63n CVE-2017-9068 GHSA-vrw6-7vgj-vj7x
Affected version: <2.5.7
Reported by:
GitHub -
[HIGH] MODX Revolution allows overwriting .htaccess
PKSA-zgjx-d83q-84pr CVE-2017-9069 GHSA-23gj-x27g-r34f
Affected version: <2.5.7
Reported by:
GitHub -
[MEDIUM] MODX Revolution cross-site scripting vulnerability
PKSA-xw8y-jfrt-95jx CVE-2017-9070 GHSA-7hhg-xj2h-5vq9
Affected version: <2.5.7
Reported by:
GitHub -
[MEDIUM] MODX Revolution XSS via HTTP Host header
PKSA-3rn9-vnj8-trvb CVE-2017-9071 GHSA-p2j4-vrgx-96qg
Affected version: <2.5.7
Reported by:
GitHub -
[HIGH] MODX Revolution Directory Traversal Vulnerability
PKSA-xgyg-tx1y-hmm7 CVE-2017-9067 GHSA-cgrv-6h2h-6f7v
Affected version: <2.5.7
Reported by:
GitHub -
[HIGH] MODX Revolution blind SQL injection
PKSA-gd3t-q6s1-yszf CVE-2017-1000067 GHSA-phhm-6pgm-mxw9
Affected version: >=2.0.0,<=2.5.6
Reported by:
GitHub -
[HIGH] MODX Revolution Incorrect Access Control vulnerability
PKSA-kcck-wkpg-fctq CVE-2018-1000207 GHSA-m899-6mh4-mpc5
Affected version: <=2.6.4
Reported by:
GitHub -
[HIGH] Unrestricted Upload of File with Dangerous Type in MODX Revolution
PKSA-742p-bz18-z52m CVE-2022-26149 GHSA-j8jp-9x42-4pj5
Affected version: <=2.8.3-pl
Reported by:
GitHub -
[CRITICAL] XML External Entity vulnerability in MODX CMS
PKSA-bqwv-kpq3-qmj9 CVE-2020-25911 GHSA-vhfp-9wvj-gwvg
Affected version: <2.8.0
Reported by:
GitHub