Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/modx/revolution@2.5.7

Type composer

Namespace modx

Name revolution

Version 2.5.7

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.5.7

Latest_non_vulnerable_version 2.8.3-pl

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1jqs-phm6-53f4

vulnerability_id VCID-1jqs-phm6-53f4

summary

MODX Revolution XSS via HTTP Host header
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9071

reference_id

reference_type

scores

value	0.00301
scoring_system	epss
scoring_elements	0.53688
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9071

reference_url	https://citadelo.com/en/2017/04/modx-revolution-cms
reference_id
reference_type
scores
url	https://citadelo.com/en/2017/04/modx-revolution-cms

reference_url	https://github.com/modxcms/revolution
reference_id
reference_type
scores
url	https://github.com/modxcms/revolution

reference_url	https://github.com/modxcms/revolution/pull/13426
reference_id
reference_type
scores
url	https://github.com/modxcms/revolution/pull/13426

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9071
reference_id	CVE-2017-9071
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9071

reference_url	https://github.com/advisories/GHSA-p2j4-vrgx-96qg
reference_id	GHSA-p2j4-vrgx-96qg
reference_type
scores
url	https://github.com/advisories/GHSA-p2j4-vrgx-96qg

fixed_packages

url	pkg:composer/modx/revolution@2.5.7
purl	pkg:composer/modx/revolution@2.5.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7

aliases CVE-2017-9071, GHSA-p2j4-vrgx-96qg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jqs-phm6-53f4

url VCID-snwa-dg1m-83ae

vulnerability_id VCID-snwa-dg1m-83ae

summary

MODX Revolution Reflected XSS
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9068

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.47421
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9068

reference_url	https://citadelo.com/en/2017/04/modx-revolution-cms
reference_id
reference_type
scores
url	https://citadelo.com/en/2017/04/modx-revolution-cms

reference_url	https://github.com/modxcms/revolution
reference_id
reference_type
scores
url	https://github.com/modxcms/revolution

reference_url	https://github.com/modxcms/revolution/pull/13424
reference_id
reference_type
scores
url	https://github.com/modxcms/revolution/pull/13424

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9068
reference_id	CVE-2017-9068
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9068

reference_url	https://github.com/advisories/GHSA-vrw6-7vgj-vj7x
reference_id	GHSA-vrw6-7vgj-vj7x
reference_type
scores
url	https://github.com/advisories/GHSA-vrw6-7vgj-vj7x

fixed_packages

url	pkg:composer/modx/revolution@2.5.7
purl	pkg:composer/modx/revolution@2.5.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7

aliases CVE-2017-9068, GHSA-vrw6-7vgj-vj7x

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snwa-dg1m-83ae

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@2.5.7

Package Instance