322 matches found
CVE-2021-39459
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code...
CVE-2018-18199
Mediamanager in REDAXO before 5.6.4 has XSS...
CVE-2012-3869
Cross-site scripting XSS vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...
Arbitrary File Upload
redaxo/source is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in the mediapool/media page, allowing attackers to upload and potentially execute malicious files...
Cross-site Scripting (XSS)
redaxo/source is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the rex-api-result parameter due to insufficient input validation, allowing attackers to inject malicious scripts on the AddOns page...
CVE-2025-27412
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27411
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
Summary Reflected cross-site scripting XSS is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the...
GHSA-8366-XMGF-334F REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
Summary Reflected cross-site scripting XSS is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the...
REDAXO allows Arbitrary File Upload in the mediapool page
Summary An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...
GHSA-WPPF-GQJ5-FC4F REDAXO allows Arbitrary File Upload in the mediapool page
Summary An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the mediapool/media page. An attacker can execute malicious code and potentially distribute malware by uploading a file with a modified filename and content-type to masquerade as a benign file type, then tricki...
CVE-2025-27412
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27411
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...
CVE-2025-27412
CVE-2025-27412 concerns the REDAXO PHP-based CMS. Versions 5.0.0 through 5.18.2 expose a reflected XSS vulnerability in the rex-api-result parameter on the AddOns page. The issue allows an attacker to inject malicious scripts via crafted input, potentially affecting affected administrator session...
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27411 REDAXO allows Arbitrary File Upload in the mediapool page
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...
CVE-2025-27411
CVE-2025-27411 concerns REDAXO, a PHP-based CMS. The vulnerability is in the mediapool/media page prior to version 5.18.3, where insufficient validation allows an arbitrary file upload. Documents consistently state that this could enable uploading and potentially executing malicious files, enabli...