5 matches found
CVE-2025-27412
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27412
CVE-2025-27412 concerns the REDAXO PHP-based CMS. Versions 5.0.0 through 5.18.2 expose a reflected XSS vulnerability in the rex-api-result parameter on the AddOns page. The issue allows an attacker to inject malicious scripts via crafted input, potentially affecting affected administrator session...
CVE-2025-27412
creationtimestamp| type| source ---|---|--- 2025-03-05 09:03:49+00:00| published-proof-of-concept| https://github.com/redaxo/core/security/advisories/GHSA-8366-xmgf-334f 2025-03-05 16:32:21+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6557 2025-03-05 18:36:58+00:00| seen|...