Revolution
by Modxcms
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20758 | 0.00 | — | 0.00 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | |||
| CVE-2018-20755 | 0.00 | — | 0.00 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | |||
| CVE-2018-20756 | 0.00 | — | 0.00 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||
| CVE-2018-20757 | 0.00 | — | 0.00 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | |||
| CVE-2018-17556 | 0.00 | — | 0.00 | Sep 26, 2018 | MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. |
- CVE-2018-20758Feb 6, 2019risk 0.00cvss —epss 0.00
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
- CVE-2018-20755Feb 6, 2019risk 0.00cvss —epss 0.00
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
- CVE-2018-20756Feb 6, 2019risk 0.00cvss —epss 0.00
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
- CVE-2018-20757Feb 6, 2019risk 0.00cvss —epss 0.00
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
- CVE-2018-17556Sep 26, 2018risk 0.00cvss —epss 0.00
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.