Filtered by vendor Modx
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16637 | 1 Modx | 1 Evolution Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | |||||
| CVE-2018-10382 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MODX Revolution 2.6.3 has XSS. | |||||
| CVE-2018-1000208 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. | |||||
| CVE-2018-1000207 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68. | |||||