pkg:Packagist/modx/revolution

All known vulnerabilities

• CRITICAL9.1CVE-2020-25911XML External Entity vulnerability in MODX CMS
  from 0, < 2.8.0
• HIGH8.8CVE-2017-9069MODX Revolution allows overwriting .htaccess
  from 0, < 2.5.7
• HIGH8.8CVE-2017-1000067MODX Revolution blind SQL injection
  >= 2.0.0, < 2.6.0
• HIGH7.2MODX Revolution Incorrect Access Control vulnerability
  from 0, < 2.7.0
• HIGH7.2Unrestricted Upload of File with Dangerous Type in MODX Revolution
  from 0, <= 2.8.3-pl
• HIGH7.0MODX Revolution Directory Traversal Vulnerability
  from 0, < 2.5.7
• MEDIUM6.1MODX Revolution Reflected XSS
  from 0, < 2.5.7
• MEDIUM6.1MODX Revolution allows XSS through extended user fields
  from 0, < 2.7.1-pl
• MEDIUM6.1MODX Revolution allows XSS via document resources
  from 0, < 2.7.1-pl
• MEDIUM6.1MODX Revolution vulnerable to XSS attack through its User Photo field
  from 0, < 2.7.1-pl
• MEDIUM5.4MODX allows cross-site scripting (XSS) via an SVG file
  from 0, <= 3.1.0
• MEDIUM5.4MODX Revolution cross-site scripting vulnerability
  from 0, < 2.5.7
• MEDIUM5.4MODX vulnerability allows for XSS via user settings parameters
  from 0, < 2.7.1-pl
• MEDIUM4.7MODX Revolution XSS via HTTP Host header
  from 0, < 2.5.7