CVE-2020-25911
CRITICALMODX Revolution < 2.8.0 - XML External Entity Injection in modRestServiceRequest
Title source: llmDescription
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/modxcms/revolution/issues/15237
Exploit, Third Party Advisory x_refsource_misc
https://github.com/dahua966/Vul_disclose/blob/main/XXE_modxcms.md
Scores
CVSS v3
9.1
EPSS
0.0231
EPSS Percentile
81.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (2)
modx/modx_revolution
2.7.3
modx/revolution
0 - 2.8.0Packagist
Published
Oct 31, 2021
Tracked Since
Feb 18, 2026