Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Modx revolution'
2021-10-31
CVE-2020-25911
CWE-611
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).
2019-07-23
CVE-2019-1010123
CWE-434
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.
2019-02-06
CVE-2018-20758
CWE-79
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
CVE-2018-20757
CWE-79
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
CVE-2018-20756
CWE-79
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
CVE-2018-20755
CWE-79
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
2018-09-26
CVE-2018-17556
CWE-79
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
2018-07-13
CVE-2018-1000208
CWE-22
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980.
CVE-2018-1000207
CWE-732
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.
2018-06-01
CVE-2018-10382
CWE-79
MODX Revolution 2.6.3 has XSS.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Modx revolution' 
Polish
English