REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required)

Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The type parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input type is injected into an exception message, then rendered by rexview::error which...