CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...