GHSA-XQ4J-G85Q-WF97 REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)

Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The function parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input function is injected into an exception message, then rendered by rexview::error...

REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required)

Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The type parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input type is injected into an exception message, then rendered by rexview::error which...