7 matches found
EUVD-2018-9936
Malware in sbrugna...
CVE-2018-18198
The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=XSS request...
CVE-2018-18198
The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=XSS request...
Cross site request forgery (csrf)
The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=XSS request...
CVE-2018-18198
The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=XSS request...
CVE-2018-18198
The CVE-2018-18198 issue affects REDAXO 5.6.3 via addons/mediapool/pages/index.php where the $opener_input_field is not properly filtered and is echoed to the page. This allows an attacker to inject XSS payloads through a request such as index.php?page=mediapool/media&opener_input_field=[XSS]. Re...
CVE-2018-17831
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rexlist class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rexlist were used...