CVE Tools

modx

Web & CMS Pluginsoss-project

31

Cumulative CVEs

13

Monthly snapshots

#34

Peak rank

Top products

modx revolution4

Latest CVEs

The 15 most recently published vulnerabilities affecting modx.

CVE-2025-28010A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profi...5.4Mar 13, 2025
CVE-2022-26149MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an...7.2Feb 26, 2022
CVE-2020-25911A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).9.1Oct 31, 2021
CVE-2019-14518Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.5.4Aug 15, 2019
CVE-2019-1010178Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The...9.8Jul 24, 2019
CVE-2019-1010123MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering ...7.5Jul 23, 2019
CVE-2018-20758MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.5.4Feb 6, 2019
CVE-2018-20757MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.6.1Feb 6, 2019
CVE-2018-20756MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.6.1Feb 6, 2019
CVE-2018-20755MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.6.1Feb 6, 2019
CVE-2018-16638Evolution CMS 1.4.x allows XSS via the manager/ search parameter.5.4Dec 28, 2018
CVE-2018-16637Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.5.4Dec 28, 2018
CVE-2018-17556MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.5.4Sep 26, 2018
CVE-2018-1000208MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable vi...7.5Jul 13, 2018
CVE-2018-1000207MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a...7.2Jul 13, 2018