Lucene search
K

322 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:10 p.m.9 views

CVE-2021-39459

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code...

9CVSS7.5AI score0.04894EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.5 views

CVE-2018-18199

Mediamanager in REDAXO before 5.6.4 has XSS...

6.1CVSS7AI score0.00829EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:47 a.m.12 views

CVE-2012-3869

Cross-site scripting XSS vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...

4.3CVSS5.8AI score0.01206EPSS
Exploits3References1
Veracode
Veracode
added 2025/03/11 1:35 a.m.9 views

Arbitrary File Upload

redaxo/source is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in the mediapool/media page, allowing attackers to upload and potentially execute malicious files...

5.4CVSS6.8AI score0.00253EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/03/10 3:56 p.m.10 views

Cross-site Scripting (XSS)

redaxo/source is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the rex-api-result parameter due to insufficient input validation, allowing attackers to inject malicious scripts on the AddOns page...

6.1CVSS6.4AI score0.00266EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/07 4:38 p.m.13 views

CVE-2025-27412

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...

6.1CVSS5.9AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/07 4:36 p.m.30 views

CVE-2025-27411

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...

5.4CVSS7AI score0.00253EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/05 7:3 p.m.16 views

REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

Summary Reflected cross-site scripting XSS is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the...

6.1CVSS6AI score0.00266EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/03/05 7:3 p.m.9 views

GHSA-8366-XMGF-334F REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

Summary Reflected cross-site scripting XSS is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the...

6.1CVSS6AI score0.00266EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/05 6:31 p.m.18 views

REDAXO allows Arbitrary File Upload in the mediapool page

Summary An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...

5.4CVSS7.8AI score0.00253EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/03/05 6:31 p.m.8 views

GHSA-WPPF-GQJ5-FC4F REDAXO allows Arbitrary File Upload in the mediapool page

Summary An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...

5.4CVSS7.8AI score0.00253EPSS
Exploits1References4
Snyk
Snyk
added 2025/03/05 6:31 p.m.7 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the mediapool/media page. An attacker can execute malicious code and potentially distribute malware by uploading a file with a modified filename and content-type to masquerade as a benign file type, then tricki...

5.4CVSS7.3AI score0.00253EPSS
Exploits1References2
NVD
NVD
added 2025/03/05 4:15 p.m.13 views

CVE-2025-27412

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...

6.1CVSS0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/03/05 4:15 p.m.15 views

CVE-2025-27411

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...

5.4CVSS0.00253EPSS
Exploits1References2
CVE
CVE
added 2025/03/05 3:53 p.m.100 views

CVE-2025-27412

CVE-2025-27412 concerns the REDAXO PHP-based CMS. Versions 5.0.0 through 5.18.2 expose a reflected XSS vulnerability in the rex-api-result parameter on the AddOns page. The issue allows an attacker to inject malicious scripts via crafted input, potentially affecting affected administrator session...

6.1CVSS6AI score0.00266EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/05 3:53 p.m.9 views

CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...

6.1CVSS5.7AI score0.00266EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/05 3:53 p.m.9 views

CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...

6.1CVSS6AI score0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/05 3:53 p.m.13 views

CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...

6.1CVSS0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/05 3:42 p.m.10 views

CVE-2025-27411 REDAXO allows Arbitrary File Upload in the mediapool page

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...

5.4CVSS7AI score0.00253EPSS
Exploits1References2
CVE
CVE
added 2025/03/05 3:42 p.m.147 views

CVE-2025-27411

CVE-2025-27411 concerns REDAXO, a PHP-based CMS. The vulnerability is in the mediapool/media page prior to version 5.18.3, where insufficient validation allows an arbitrary file upload. Documents consistently state that this could enable uploading and potentially executing malicious files, enabli...

5.4CVSS7AI score0.00253EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder