Modxcms: >> Evolution >> 0.9.0 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.
CVSS Score
4.3
EPSS Score
0.004
Published
2011-02-02
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
CVSS Score
7.5
EPSS Score
0.005
Published
2011-02-02
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.
CVSS Score
5.0
EPSS Score
0.002
Published
2011-02-02
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.
CVSS Score
4.3
EPSS Score
0.004
Published
2010-04-15