CVE-2025-28010: 
PHP vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability has been identified in MODX prior to version 3.1.0. The vulnerability was discovered in March 2025 and affects the profile image upload functionality. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image (CVE Database, GitHub POC).

The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the profile image feature. When an authenticated user uploads a specially crafted SVG file containing embedded JavaScript code, the code gets executed in the context of other users' browsers when they view the profile image. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (CVE Database).

The vulnerability can lead to unauthorized execution of JavaScript code in victims' browsers, potentially resulting in session token theft, sensitive data exposure, and unauthorized actions performed on behalf of the victim. The impact is particularly concerning when administrative users view affected profile images, as it could lead to administrative session compromise (GitHub POC).

Organizations should implement several security measures including: enforcing strict input validation to block harmful scripts or tags, implementing proper output encoding for user inputs, deploying a strong Content Security Policy (CSP) to block unauthorized scripts, and upgrading MODX CMS to version 3.1.0 or later which contains the fix for this vulnerability (GitHub POC).