Security Advisory

CVE-2025-28010

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-13 00:00:00

Last updated 2025-03-19 14:53:43

Assigner mitre

State PUBLISHED

Description

A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims browsers when viewing the profile image.

← Browse all CVEs View on cve.org ↗