[LOW] MODX allows cross-site scripting (XSS) via an SVG file

PKSA-xzqv-w6dn-tnz5 CVE-2025-28010 GHSA-hm54-fg2w-2g6j

Affected version: <=3.1.0

Reported by:
GitHub

[HIGH] Unrestricted Upload of File with Dangerous Type in MODX Revolution

PKSA-742p-bz18-z52m CVE-2022-26149 GHSA-j8jp-9x42-4pj5

Affected version: <=2.8.3-pl

Reported by:
GitHub