modx/revolution Security Advisories (5)
-
[LOW] MODX allows cross-site scripting (XSS) via an SVG file
PKSA-xzqv-w6dn-tnz5 CVE-2025-28010 GHSA-hm54-fg2w-2g6j
Affected version: <=3.1.0
Reported by:
GitHub -
[HIGH] MODX Revolution blind SQL injection
PKSA-gd3t-q6s1-yszf CVE-2017-1000067 GHSA-phhm-6pgm-mxw9
Affected version: >=2.0.0,<=2.5.6
Reported by:
GitHub -
[HIGH] MODX Revolution Incorrect Access Control vulnerability
PKSA-kcck-wkpg-fctq CVE-2018-1000207 GHSA-m899-6mh4-mpc5
Affected version: <=2.6.4
Reported by:
GitHub -
[HIGH] Unrestricted Upload of File with Dangerous Type in MODX Revolution
PKSA-742p-bz18-z52m CVE-2022-26149 GHSA-j8jp-9x42-4pj5
Affected version: <=2.8.3-pl
Reported by:
GitHub -
[CRITICAL] XML External Entity vulnerability in MODX CMS
PKSA-bqwv-kpq3-qmj9 CVE-2020-25911 GHSA-vhfp-9wvj-gwvg
Affected version: <2.8.0
Reported by:
GitHub