CVE-2025-28010

Name of the Vulnerable Software and Affected Versions: MODX versions prior to 3.1.0

Description: A cross-site scripting (XSS) issue has been identified. The issue allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.

Recommendations: For MODX versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the upload of SVG files as profile images until a patch is available.