ModX Revolution 2.5.7

CPE Details

2017-05-24
15h38 +00:00

CPE Name: cpe:2.3:a:modx:modx_revolution:2.5.7:*:*:*:*:*:*:*

Information

Vendor: modx
Product: modx_revolution
Version: 2.5.7

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2019-1010123 | 2019-07-23 10h36 +00:00 | MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php. | 7.5 | High |
| CVE-2018-20755 | 2019-02-06 16h00 +00:00 | MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | 6.1 | Medium |
| CVE-2018-20756 | 2019-02-06 16h00 +00:00 | MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | 6.1 | Medium |
| CVE-2018-20757 | 2019-02-06 16h00 +00:00 | MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | 6.1 | Medium |
| CVE-2018-20758 | 2019-02-06 16h00 +00:00 | MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 5.4 | Medium |
| CVE-2018-1000208 | 2018-07-13 18h00 +00:00 | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. | 7.5 | High |
| CVE-2018-1000207 | 2018-07-13 16h00 +00:00 | MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68. | 7.2 | High |
| CVE-2017-11744 | 2017-07-30 15h00 +00:00 | In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module. | 6.1 | Medium |
| CVE-2017-8115 | 2017-04-25 19h00 +00:00 | Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | 5.3 | Medium |