MidnightBSD

Advisories for modxcms

CVE-2006-1820 MEDIUM

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
modxcms modxcms 0.9.1
CVE-2006-1821 MEDIUM

Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
modxcms modxcms 0.9.1
CVE-2007-0659 HIGH

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
modxcms filedownload 1.7
modxcms filedownload 2.0
CVE-2008-0094 MEDIUM

Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
modxcms modxcms 0.9.6.1
CVE-2010-1426 HIGH

SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
modxcms modxcms 0.9.6.1
modxcms modxcms 0.9.6
modxcms modxcms 0.9.6.2
modxcms modxcms *
modxcms modxcms 0.9.1
modxcms modxcms 0.9.5
modxcms modxcms 0.9.0
modxcms modxcms 0.9.2.1
CVE-2010-1427 MEDIUM

Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
modxcms evolution 0.9.2.1
modxcms evolution 0.9.6.1
modxcms evolution 0.9.6.2
modxcms evolution *
modxcms evolution 0.9.1
modxcms evolution 0.9.6
modxcms evolution 0.9.0
modxcms evolution 0.9.5
CVE-2010-3929 HIGH

SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
modxcms evolution 0.9.2.1
modxcms evolution 1.0.2
modxcms evolution 0.9.6.1
modxcms evolution 0.9.6.2
modxcms evolution *
modxcms evolution 1.0.3
modxcms evolution 0.9.1
modxcms evolution 0.9.6
modxcms evolution 0.9.0
modxcms evolution 0.9.5
CVE-2010-3930 MEDIUM

Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
modxcms evolution 0.9.2.1
modxcms evolution 1.0.2
modxcms evolution 0.9.6.1
modxcms evolution 0.9.6.2
modxcms evolution *
modxcms evolution 1.0.3
modxcms evolution 0.9.1
modxcms evolution 0.9.6
modxcms evolution 0.9.0
modxcms evolution 0.9.5
CVE-2011-0741 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
modxcms evolution 0.9.2.1
modxcms evolution 1.0.2
modxcms evolution 0.9.6.1
modxcms evolution 0.9.6.2
modxcms evolution *
modxcms evolution 1.0.3
modxcms evolution 0.9.1
modxcms evolution 0.9.6
modxcms evolution 0.9.0
modxcms evolution 0.9.5