CVE-2020-25911

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25911

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25911.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-25911

Aliases

Published

2021-10-31T19:15:09.780Z

Modified

2026-03-13T00:37:12.911711Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).

References

Affected packages

Git / github.com/modxcms/revolution

Affected ranges

Type

GIT

Repo

https://github.com/modxcms/revolution

Events

Introduced

Last affected

8375249e93dd9a9e8f1979e8f7ba407b79f1b913

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.3"
        }
    ]
}

Affected versions

v2.*

v2.0.1-pl

v2.0.3-pl

v2.0.4-pl

v2.0.4-pl2

v2.0.5-pl

v2.0.6-pl

v2.0.6-pl2

v2.0.7-pl

v2.0.8-pl

v2.1.0-pl

v2.1.0-rc1

v2.1.0-rc2

v2.1.0-rc3

v2.1.0-rc4

v2.1.1-pl

v2.1.2-pl

v2.1.3-pl

v2.1.4-pl

v2.1.5-pl

v2.2.0-pl

v2.2.0-pl2

v2.2.0-rc1

v2.2.0-rc2

v2.2.0-rc3

v2.2.1-pl

v2.2.10-pl

v2.2.11-pl

v2.2.12-pl

v2.2.13-pl

v2.2.14-pl

v2.2.15-pl

v2.2.2-pl

v2.2.3-pl

v2.2.4-pl

v2.2.5-pl

v2.2.6-pl

v2.2.7-pl

v2.2.8-pl

v2.2.9-pl

v2.3.0-pl

v2.3.1-pl

v2.3.2-pl

v2.3.3-pl

v2.3.4-pl

v2.3.5-pl

v2.3.6-pl

v2.4.0-rc1

v2.4.1-pl

v2.4.2-pl

v2.4.3-pl

v2.4.4-pl

v2.5.0-pl

v2.5.0-rc1

v2.5.0-rc2

v2.5.1-pl

v2.5.2-pl

v2.5.3-pl

v2.5.4-pl

v2.5.5-pl

v2.5.6-pl

v2.6.0-pl

v2.6.1-pl

v2.6.2-pl

v2.6.3-pl

v2.6.4-pl

v2.7.0-pl

v2.7.1-pl

v2.7.2-pl

v2.7.3-pl

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25911.json"