VulnerableCode Package Details - pkg:composer/modx/revolution@2.5.7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/modx/revolution@2.5.7

Essentials
History (2)

purl	pkg:composer/modx/revolution@2.5.7

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-1jqs-phm6-53f4	MODX Revolution XSS via HTTP Host header In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.	CVE-2017-9071 GHSA-p2j4-vrgx-96qg
VCID-snwa-dg1m-83ae	MODX Revolution Reflected XSS In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.	CVE-2017-9068 GHSA-vrw6-7vgj-vj7x

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T20:59:24.446465+00:00	GitLab Importer	Fixing	VCID-snwa-dg1m-83ae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/modx/revolution/CVE-2017-9068.yml	38.6.0
2026-05-30T20:59:21.279369+00:00	GitLab Importer	Fixing	VCID-1jqs-phm6-53f4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/modx/revolution/CVE-2017-9071.yml	38.6.0