{"id":"BIT-modx-2020-25911","details":"A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).","aliases":["CVE-2020-25911","GHSA-vhfp-9wvj-gwvg"],"modified":"2024-03-06T11:25:28.861Z","published":"2024-03-06T10:56:22.463Z","database_specific":{"cpes":["cpe:2.3:a:modx:modx_revolution:2.7.3:*:*:*:*:*:*:*"],"severity":"Critical"},"references":[{"type":"WEB","url":"https://github.com/dahua966/Vul_disclose/blob/main/XXE_modxcms.md"},{"type":"WEB","url":"https://github.com/modxcms/revolution/issues/15237"}],"affected":[{"package":{"name":"modx","ecosystem":"Bitnami","purl":"pkg:bitnami/modx"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.7.3"},{"last_affected":"2.7.3"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/modx/BIT-modx-2020-25911.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}],"schema_version":"1.7.3"}