modx/revolution Security Advisories for v2.7.0-pl (7)
-
[LOW] MODX allows cross-site scripting (XSS) via an SVG file
PKSA-xzqv-w6dn-tnz5 CVE-2025-28010 GHSA-hm54-fg2w-2g6j
Affected version: <=3.1.0
Reported by:
GitHub -
[MEDIUM] MODX Revolution vulnerable to XSS attack through its User Photo field
PKSA-m1g9-mnjc-hmqz CVE-2018-20755 GHSA-q4c2-q63g-62j7
Affected version: <2.7.1-pl
Reported by:
GitHub -
[MEDIUM] MODX Revolution allows XSS via document resources
PKSA-4htf-vpvz-w8mj CVE-2018-20756 GHSA-fpxg-5x79-43rm
Affected version: <2.7.1-pl
Reported by:
GitHub -
[MEDIUM] MODX Revolution allows XSS through extended user fields
PKSA-51tt-xjsn-s945 CVE-2018-20757 GHSA-gm2g-65wj-43g8
Affected version: <2.7.1-pl
Reported by:
GitHub -
[MEDIUM] MODX vulnerability allows for XSS via user settings parameters
PKSA-pn6x-q8b3-x3r3 CVE-2018-20758 GHSA-vwqw-wfhv-2xcq
Affected version: <2.7.1-pl
Reported by:
GitHub -
[HIGH] Unrestricted Upload of File with Dangerous Type in MODX Revolution
PKSA-742p-bz18-z52m CVE-2022-26149 GHSA-j8jp-9x42-4pj5
Affected version: <=2.8.3-pl
Reported by:
GitHub -
[CRITICAL] XML External Entity vulnerability in MODX CMS
PKSA-bqwv-kpq3-qmj9 CVE-2020-25911 GHSA-vhfp-9wvj-gwvg
Affected version: <2.8.0
Reported by:
GitHub