Lucene search
K

322 matches found

OSV
OSV
added 2025/11/25 6:32 p.m.2 views

GHSA-VQC7-7FJ4-3FM3 REDAXO CMS is vulnerable to XSS through its module management component

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

4.8CVSS5.6AI score0.00264EPSS
Exploits2References5
NVD
NVD
added 2025/11/25 4:16 p.m.8 views

CVE-2025-64050

A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

7.2CVSS0.00794EPSS
Exploits2References3
NVD
NVD
added 2025/11/25 4:16 p.m.15 views

CVE-2025-64049

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

4.8CVSS0.00264EPSS
Exploits2References3
OSV
OSV
added 2025/11/25 4:16 p.m.5 views

CVE-2025-64049

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

4.8CVSS5.6AI score0.00264EPSS
Exploits2References3
OSV
OSV
added 2025/11/25 4:16 p.m.6 views

CVE-2025-64050

A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

7.2CVSS8.1AI score0.00794EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.10 views

REDAXO 安全漏洞

REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO version 5.20.0, which stems from improper handling of the Output code field in the module management component and could lead to a stored cross-site scripting attack...

4.8CVSS5.9AI score0.00264EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/11/25 12:0 a.m.3 views

CVE-2025-64050

A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

7.7AI score0.00794EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48037

Name of the Vulnerable Software and Affected Versions REDAXO CMS version 5.20.0 Description A stored cross-site scripting XSS issue exists in the module management component of REDAXO CMS. A remote user can inject arbitrary web script or HTML through the Output code field within modules. This...

4.8CVSS5.6AI score0.00264EPSS
Exploits2References11
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.4 views

REDAXO 安全漏洞

REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO version 5.20.0, which stems from a template management component that allows injection of PHP code, potentially leading to remote code execution...

7.2CVSS7.9AI score0.00794EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.11 views

CVE-2025-64050

A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

0.00794EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.11 views

CVE-2025-64049

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

0.00264EPSS
Exploits2References3
CVE
CVE
added 2025/11/25 12:0 a.m.12 views

CVE-2025-64049

CVE-2025-64049 describes a stored XSS in REDAXO CMS 5.20.0, specifically in the module management component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the Output code field in modules; the payload executes when a user views or edits an article that inclu...

4.8CVSS5.3AI score0.00264EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2025/11/25 12:0 a.m.18 views

CVE-2025-64050

The CVE describes a Remote Code Execution in REDAXO CMS (v5.20.0) tied to the template management component. An authenticated administrator can inject PHP code into an active template, leading to command execution when frontend pages render the compromised template. Impact is high (CVE metrics sh...

7.2CVSS7.7AI score0.00794EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/25 12:0 a.m.2 views

CVE-2025-64049

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

5.3AI score0.00264EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.9 views

PT-2025-48038

Name of the Vulnerable Software and Affected Versions REDAXO CMS version 5.20.0 Description A Remote Code Execution RCE issue exists in the template management component of REDAXO CMS. A remote, authenticated administrator can execute arbitrary operating system commands by injecting PHP code into...

7.2CVSS7.6AI score0.00794EPSS
Exploits2References6
GithubExploit
GithubExploit
added 2025/11/20 4:57 p.m.170 views

Exploit for CVE-2025-64049

CVE-Disclosures Welcome to the CVE disclosures section of thi...

7.2CVSS6.3AI score0.00794EPSS
Exploits3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-9937

Malware in sbrugna...

6.1CVSS6.3AI score0.00829EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-9576

Malware in sbrugna...

5.4CVSS5.5AI score0.00684EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-9577

Malware in sbrugna...

9.8CVSS9.5AI score0.02053EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-9938

Malware in sbrugna...

9.8CVSS9.5AI score0.01421EPSS
Exploits0References2
Rows per page
Query Builder