CRITICAL🇬🇧 English

CVE-2020-25911

CVSS 9.1v3.1pub. 2021-10-31upd. 2024-11-21

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Modx Revolution

    APP
    Modx
    2.7.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoSXXE
CWE
Referencje

Powiązane podatności

CVE-2017-7321CRITICAL9.8ten sam produkt

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbit...

CVE-2017-7324CRITICAL9.8ten sam produkt

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitr...

CVE-2019-1010123HIGH7.5ten sam produkt

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The im...

CVE-2018-1000207HIGH7.2ten sam produkt

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters...

CVE-2018-1000208HIGH7.5ten sam produkt

MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerreq...