VYPR

Revolution

by Modxcms

Source repositories

CVEs (8)

  • CVE-2015-6588MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

  • CVE-2018-17556MedSep 26, 2018
    risk 0.35cvss 5.4epss 0.01

    MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.

  • CVE-2018-20758Feb 6, 2019
    risk 0.00cvss epss 0.01

    MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.

  • CVE-2018-20756Feb 6, 2019
    risk 0.00cvss epss 0.01

    MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.

  • CVE-2018-20757Feb 6, 2019
    risk 0.00cvss epss 0.01

    MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.

  • CVE-2018-20755Feb 6, 2019
    risk 0.00cvss epss 0.01

    MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.

  • CVE-2018-1000208HigJul 13, 2018
    risk 0.00cvss 7.5epss 0.02

    MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have…

  • CVE-2018-10382MedJun 1, 2018
    risk 0.00cvss 5.4epss 0.01

    MODX Revolution 2.6.3 has XSS.