REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)

Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The function parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input function is injected into an exception message, then rendered by rexview::error...