CVE-2025-28010

{"id": "CVE-2025-28010", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-03-13T16:15:27.690", "references": [{"url": "https://github.com/rtnthakur/CVE/blob/main/MODX/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de Cross Site Scripting (XSS) en MODX anterior a la versi\u00f3n 3.1.0. Esta vulnerabilidad permite a los usuarios autenticados subir archivos SVG con c\u00f3digo JavaScript malicioso como im\u00e1genes de perfil, que se ejecutan en los navegadores de las v\u00edctimas al visualizar la imagen de perfil."}], "lastModified": "2025-04-03T16:42:46.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:modx:modx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CE7BC48-9EB6-4B96-867E-C353863B4834", "versionEndIncluding": "3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}