Security Advisories - modx/revolution

modx/revolution Security Advisories (14)

[LOW] MODX allows cross-site scripting (XSS) via an SVG file

PKSA-xzqv-w6dn-tnz5 CVE-2025-28010 GHSA-hm54-fg2w-2g6j

Affected version: <=3.1.0

Reported by:
GitHub
[MEDIUM] MODX Revolution Reflected XSS

PKSA-3f47-8ppn-z63n CVE-2017-9068 GHSA-vrw6-7vgj-vj7x

Affected version: <2.5.7

Reported by:
GitHub
[HIGH] MODX Revolution allows overwriting .htaccess

PKSA-zgjx-d83q-84pr CVE-2017-9069 GHSA-23gj-x27g-r34f

Affected version: <2.5.7

Reported by:
GitHub
[MEDIUM] MODX Revolution cross-site scripting vulnerability

PKSA-xw8y-jfrt-95jx CVE-2017-9070 GHSA-7hhg-xj2h-5vq9

Affected version: <2.5.7

Reported by:
GitHub
[MEDIUM] MODX Revolution XSS via HTTP Host header

PKSA-3rn9-vnj8-trvb CVE-2017-9071 GHSA-p2j4-vrgx-96qg

Affected version: <2.5.7

Reported by:
GitHub
[HIGH] MODX Revolution Directory Traversal Vulnerability

PKSA-xgyg-tx1y-hmm7 CVE-2017-9067 GHSA-cgrv-6h2h-6f7v

Affected version: <2.5.7

Reported by:
GitHub
[HIGH] MODX Revolution blind SQL injection

PKSA-gd3t-q6s1-yszf CVE-2017-1000067 GHSA-phhm-6pgm-mxw9

Affected version: >=2.0.0,<=2.5.6

Reported by:
GitHub
[MEDIUM] MODX Revolution vulnerable to XSS attack through its User Photo field

PKSA-m1g9-mnjc-hmqz CVE-2018-20755 GHSA-q4c2-q63g-62j7

Affected version: <2.7.1-pl

Reported by:
GitHub
[MEDIUM] MODX Revolution allows XSS via document resources

PKSA-4htf-vpvz-w8mj CVE-2018-20756 GHSA-fpxg-5x79-43rm

Affected version: <2.7.1-pl

Reported by:
GitHub
[MEDIUM] MODX Revolution allows XSS through extended user fields

PKSA-51tt-xjsn-s945 CVE-2018-20757 GHSA-gm2g-65wj-43g8

Affected version: <2.7.1-pl

Reported by:
GitHub
[HIGH] MODX Revolution Incorrect Access Control vulnerability

PKSA-kcck-wkpg-fctq CVE-2018-1000207 GHSA-m899-6mh4-mpc5

Affected version: <=2.6.4

Reported by:
GitHub
[MEDIUM] MODX vulnerability allows for XSS via user settings parameters

PKSA-pn6x-q8b3-x3r3 CVE-2018-20758 GHSA-vwqw-wfhv-2xcq

Affected version: <2.7.1-pl

Reported by:
GitHub
[HIGH] Unrestricted Upload of File with Dangerous Type in MODX Revolution

PKSA-742p-bz18-z52m CVE-2022-26149 GHSA-j8jp-9x42-4pj5

Affected version: <=2.8.3-pl

Reported by:
GitHub
[CRITICAL] XML External Entity vulnerability in MODX CMS

PKSA-bqwv-kpq3-qmj9 CVE-2020-25911 GHSA-vhfp-9wvj-gwvg

Affected version: <2.8.0

Reported by:
GitHub

modx/revolution Security Advisories (14)

[LOW] MODX allows cross-site scripting (XSS) via an SVG file

[MEDIUM] MODX Revolution Reflected XSS

[HIGH] MODX Revolution allows overwriting .htaccess

[MEDIUM] MODX Revolution cross-site scripting vulnerability

[MEDIUM] MODX Revolution XSS via HTTP Host header

[HIGH] MODX Revolution Directory Traversal Vulnerability

[HIGH] MODX Revolution blind SQL injection

[MEDIUM] MODX Revolution vulnerable to XSS attack through its User Photo field

[MEDIUM] MODX Revolution allows XSS via document resources

[MEDIUM] MODX Revolution allows XSS through extended user fields

[HIGH] MODX Revolution Incorrect Access Control vulnerability

[MEDIUM] MODX vulnerability allows for XSS via user settings parameters

[HIGH] Unrestricted Upload of File with Dangerous Type in MODX Revolution

[CRITICAL] XML External Entity vulnerability in MODX CMS