CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18198

The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/redaxo/redaxo/releases/tag/5.6.4
https://github.com/redaxo/redaxo4/issues/422
https://github.com/redaxo/redaxo/releases/tag/5.6.4
https://github.com/redaxo/redaxo4/issues/422

Products affected by CVE-2018-18198

Redaxo » Redaxo » Version: 5.6.3

cpe:2.3:a:redaxo:redaxo:5.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18198

Products

Pricing

Contact Us