exploitDog

CVE-2020-25911

Опубликовано: 31 окт. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).

Ссылки

https://github.com/dahua966/Vul_disclose/blob/main/XXE_modxcms.md
Exploit
Third Party Advisory
https://github.com/modxcms/revolution/issues/15237
Patch
Third Party Advisory
https://github.com/dahua966/Vul_disclose/blob/main/XXE_modxcms.md
Exploit
Third Party Advisory
https://github.com/modxcms/revolution/issues/15237
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:modx:modx_revolution:2.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00961

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-vhfp-9wvj-gwvg

CVSS3: 9.1

github

больше 4 лет назад

XML External Entity vulnerability in MODX CMS

EPSS

Процентиль: 76%

0.00961

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611