REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-03-05
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-03-05
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-02-17
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-02-14
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
CVSS Score
7.2
EPSS Score
0.048
Published
2024-02-14