Modx: >> Modx Revolution >> 2.6.3 Security Vulnerabilities
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-07-23
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-06
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-06
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-06
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-02-06
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.
CVSS Score
7.2
EPSS Score
0.04
Published
2018-07-13
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-07-13
MODX Revolution 2.6.3 has XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-06-01