Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | modxcms | 0.9.1 |
Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | modxcms | 0.9.1 |
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | filedownload | 1.7 |
| modxcms | filedownload | 2.0 |
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | modxcms | 0.9.6.1 |
SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | modxcms | 0.9.6.1 |
| modxcms | modxcms | 0.9.6 |
| modxcms | modxcms | 0.9.6.2 |
| modxcms | modxcms | * |
| modxcms | modxcms | 0.9.1 |
| modxcms | modxcms | 0.9.5 |
| modxcms | modxcms | 0.9.0 |
| modxcms | modxcms | 0.9.2.1 |
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | evolution | 0.9.2.1 |
| modxcms | evolution | 0.9.6.1 |
| modxcms | evolution | 0.9.6.2 |
| modxcms | evolution | * |
| modxcms | evolution | 0.9.1 |
| modxcms | evolution | 0.9.6 |
| modxcms | evolution | 0.9.0 |
| modxcms | evolution | 0.9.5 |
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | evolution | 0.9.2.1 |
| modxcms | evolution | 1.0.2 |
| modxcms | evolution | 0.9.6.1 |
| modxcms | evolution | 0.9.6.2 |
| modxcms | evolution | * |
| modxcms | evolution | 1.0.3 |
| modxcms | evolution | 0.9.1 |
| modxcms | evolution | 0.9.6 |
| modxcms | evolution | 0.9.0 |
| modxcms | evolution | 0.9.5 |
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | evolution | 0.9.2.1 |
| modxcms | evolution | 1.0.2 |
| modxcms | evolution | 0.9.6.1 |
| modxcms | evolution | 0.9.6.2 |
| modxcms | evolution | * |
| modxcms | evolution | 1.0.3 |
| modxcms | evolution | 0.9.1 |
| modxcms | evolution | 0.9.6 |
| modxcms | evolution | 0.9.0 |
| modxcms | evolution | 0.9.5 |
Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modxcms | evolution | 0.9.2.1 |
| modxcms | evolution | 1.0.2 |
| modxcms | evolution | 0.9.6.1 |
| modxcms | evolution | 0.9.6.2 |
| modxcms | evolution | * |
| modxcms | evolution | 1.0.3 |
| modxcms | evolution | 0.9.1 |
| modxcms | evolution | 0.9.6 |
| modxcms | evolution | 0.9.0 |
| modxcms | evolution | 0.9.5 |