CVE-2018-17830
The CVE-2018-17830 entry concerns REDAXO 5.6.2 where the $args variable in addons/mediapool/pages/index.php is not effectively filtered because parameter names are not restricted (only values). This allows an attacker to inject XSS payloads via the URL parameter like index.php?page=mediapool/medi...