pkg:Packagist/modx/revolution

All known vulnerabilities

• CRITICAL9.1CVE-2020-25911XML External Entity vulnerability in MODX CMS
  from 0, < 2.8.0
• HIGH8.8CVE-2017-9069MODX Revolution allows overwriting .htaccess
  from 0, < 2.5.7
• HIGH8.8CVE-2017-1000067MODX Revolution blind SQL injection
  >= 2.0.0, < 2.6.0
• HIGH7.2CVE-2018-1000207MODX Revolution Incorrect Access Control vulnerability
  from 0, < 2.7.0
• HIGH7.2CVE-2022-26149Unrestricted Upload of File with Dangerous Type in MODX Revolution
  from 0, <= 2.8.3-pl
• HIGH7.0CVE-2017-9067MODX Revolution Directory Traversal Vulnerability
  from 0, < 2.5.7
• MEDIUM6.1CVE-2017-9068MODX Revolution Reflected XSS
  from 0, < 2.5.7
• MEDIUM6.1CVE-2018-20757MODX Revolution allows XSS through extended user fields
  from 0, < 2.7.1-pl
• MEDIUM6.1CVE-2018-20756MODX Revolution allows XSS via document resources
  from 0, < 2.7.1-pl
• MEDIUM6.1CVE-2018-20755MODX Revolution vulnerable to XSS attack through its User Photo field
  from 0, < 2.7.1-pl
• MEDIUM5.4CVE-2025-28010MODX allows cross-site scripting (XSS) via an SVG file
  from 0, <= 3.1.0
• MEDIUM5.4CVE-2017-9070MODX Revolution cross-site scripting vulnerability
  from 0, < 2.5.7
• MEDIUM5.4CVE-2018-20758MODX vulnerability allows for XSS via user settings parameters
  from 0, < 2.7.1-pl
• MEDIUM4.7CVE-2017-9071MODX Revolution XSS via HTTP Host header
  from 0, < 2.5.7