Revolution
by Modxcms
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6588 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2017 | Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | ||
| CVE-2018-17556 | Med | 0.35 | 5.4 | 0.01 | Sep 26, 2018 | MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | ||
| CVE-2018-20758 | 0.00 | — | 0.01 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | |||
| CVE-2018-20756 | 0.00 | — | 0.01 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||
| CVE-2018-20757 | 0.00 | — | 0.01 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | |||
| CVE-2018-20755 | 0.00 | — | 0.01 | Feb 6, 2019 | MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | |||
| CVE-2018-1000208 | Hig | 0.00 | 7.5 | 0.02 | Jul 13, 2018 | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have… | ||
| CVE-2018-10382 | Med | 0.00 | 5.4 | 0.01 | Jun 1, 2018 | MODX Revolution 2.6.3 has XSS. |
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
- risk 0.35cvss 5.4epss 0.01
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
- CVE-2018-20758Feb 6, 2019risk 0.00cvss —epss 0.01
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
- CVE-2018-20756Feb 6, 2019risk 0.00cvss —epss 0.01
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
- CVE-2018-20757Feb 6, 2019risk 0.00cvss —epss 0.01
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
- CVE-2018-20755Feb 6, 2019risk 0.00cvss —epss 0.01
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
- risk 0.00cvss 7.5epss 0.02
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have…
- risk 0.00cvss 5.4epss 0.01
MODX Revolution 2.6.3 has XSS.