Vulnerabilities (CVE)

Filtered by vendor Modx Subscribe

Filtered by product Modx Revolution

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-25911	1 Modx	1 Modx Revolution	2021-11-02	6.4 MEDIUM	9.1 CRITICAL
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).
CVE-2017-7324	1 Modx	1 Modx Revolution	2020-01-10	7.5 HIGH	9.8 CRITICAL
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
CVE-2017-7321	1 Modx	1 Modx Revolution	2020-01-10	7.5 HIGH	9.8 CRITICAL
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.