REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-05
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-03-05
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-10-09
Mediamanager in REDAXO before 5.6.4 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-10-09
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-09