52 matches found
CVE-2018-25353
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...
CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...
CVE-2018-25353
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...
CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...
EUVD-2018-21876
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...
Yakamara Media Redaxo CMS Mediapool Addon 安全漏洞
Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...
CVE-2025-66026
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
CVE-2025-66026
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
CVE-2025-66026
CVE-2025-66026 is a reflected XSS in REDAXO CMS (pre-5.20.1) affecting the Mediapool view where args[types] is echoed into an info banner without escaping. The root cause is lack of HTML-escaping when rendering the value, allowing an authenticated user to trigger arbitrary JavaScript execution in...
CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
EUVD-2025-199662
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...
REDAXO 安全漏洞
REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO versions prior to 5.20.1, which stems from reflective cross-site scripting in the Mediapool view and could lead to arbitrary JavaScript execution...
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Summary A reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link...
GHSA-X6VR-Q3VF-VQGQ REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Summary A reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link...
PT-2025-48111
Name of the Vulnerable Software and Affected Versions REDAXO versions prior to 5.20.1 Description REDAXO is a PHP-based CMS. A reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping...
EUVD-2018-9576
Malware in sbrugna...
EUVD-2025-6166
Malicious code in bioql PyPI...
CVE-2024-46210
An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file...