2 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the article name field in plugins/content/pages/content.php, accessible over the content/edit endpoint. An attacker can steal cookies and perform session hijacking by injecting malicious scripts. Details...
Stored XSS in REDAXO
Summary Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...