Mediamanager in REDAXO before 5.6.4 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-10-09
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-09
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-10-01
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2012-08-13