Revolution

by Modx

CVEs (36)

  • CVE-2014-8775 (Dec 3, 2014)
    risk 0.03 | cvss - | epss 0.03

    MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

  • CVE-2014-8774 (Dec 3, 2014)
    risk 0.03 | cvss - | epss 0.01

    Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

  • CVE-2014-8773 (Dec 3, 2014)
    risk 0.03 | cvss - | epss 0.01

    MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or (2) via a long string in the CSRF token parameter.

  • CVE-2010-4883 (Oct 7, 2011)
    risk 0.03 | cvss - | epss 0.02

    Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.

  • CVE-2019-1010123 (Jul 23, 2019)
    risk 0.00 | cvss - | epss 0.01

    MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating a file with a custom filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web…

  • CVE-2018-1000208 (High, Jul 13, 2018)
    risk 0.00 | cvss 7.5 | epss 0.02

    MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in removal of files. This attack appears to be exploitable via web request via security/login processor. This vulnerability appears to have…

  • CVE-2018-10382 (Medium, Jun 1, 2018)
    risk 0.00 | cvss 5.4 | epss 0.01

    MODX Revolution 2.6.3 has XSS.

  • CVE-2014-8992 (Dec 22, 2014)
    risk 0.00 | cvss - | epss 0.01

    Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

  • CVE-2014-5451 (Nov 6, 2014)
    risk 0.00 | cvss - | epss 0.02

    Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080…

  • CVE-2014-2736 (Apr 24, 2014)
    risk 0.00 | cvss - | epss 0.01

    Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to…

  • CVE-2014-2311 (Mar 11, 2014)
    risk 0.00 | cvss - | epss 0.01

    SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-2080 (Mar 1, 2014)
    risk 0.00 | cvss - | epss 0.02

    Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.

  • CVE-2011-0741 (Feb 2, 2011)
    risk 0.00 | cvss - | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.

  • CVE-2010-3930 (Feb 2, 2011)
    risk 0.00 | cvss - | epss 0.02

    Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.

  • CVE-2010-1427 (Apr 15, 2010)
    risk 0.00 | cvss - | epss 0.02

    Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.

  • CVE-2010-1426 (Apr 15, 2010)
    risk 0.00 | cvss - | epss 0.01

    SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.
