
12 matches found

EUVD • added 2025/10/07 12:30 a.m. • 3 views

EUVD-2016-1751

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00474
Exploits 1 | References 3

RedhatCVE • added 2025/05/23 9:45 a.m. • 10 views

CVE-2024-25300

A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section...

CVSS 4.8 | AI score 5.7 | EPSS 0.00093
Exploits 0 | References 1

RedhatCVE • added 2025/05/23 7:46 a.m. • 7 views

CVE-2024-25298

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php...

CVSS 7.2 | AI score 7.5 | EPSS 0.00267
Exploits 1 | References 1

RedhatCVE • added 2025/05/22 4:47 a.m. • 10 views

CVE-2012-3869

Cross-site scripting (XSS) vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...

CVSS 4.3 | AI score 5.8 | EPSS 0.00446
Exploits 3 | References 1

OSV • added 2025/03/05 6:31 p.m. • 7 views

GHSA-WPPF-GQJ5-FC4F REDAXO allows Arbitrary File Upload in the mediapool page

Summary: An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details: On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...

CVSS 5.4 | AI score 7.8 | EPSS 0.00253
Exploits 1 | References 4

Github Security Blog • added 2025/03/05 6:31 p.m. • 16 views

REDAXO allows Arbitrary File Upload in the mediapool page

Summary: An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details: On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...

CVSS 5.4 | AI score 7.8 | EPSS 0.00253
Exploits 1 | References 4 | Affected Software 1

OSV • added 2025/02/10 6:55 p.m. • 8 views

GHSA-7WJ8-856P-QC9M Stored XSS in REDAXO

Summary: Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details: On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact: A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...

CVSS 5.4 | AI score 3.1 | EPSS 0.00129
Exploits 1 | References 5

Github Security Blog • added 2025/02/10 6:55 p.m. • 12 views

Stored XSS in REDAXO

Summary: Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details: On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact: A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...

CVSS 5.4 | AI score 3.3 | EPSS 0.00129
Exploits 1 | References 5 | Affected Software 1

Veracode • added 2024/10/23 9:20 a.m. • 8 views

Directory Traversal

redaxo/source is vulnerable to Directory traversal. The vulnerability is due to insufficient validation of user input in the component /index.php?page=backup/export, allowing malicious actors to craft requests that traverse the file system and access unauthorized files and directories...

CVSS 4.9 | AI score 6.6 | EPSS 0.00759
Exploits 1 | References 2 | Affected Software 1

Vulnrichment • added 2024/02/14 12:0 a.m. • 6 views

CVE-2024-25301

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php...

AI score 7.4 | EPSS 0.0436
Exploits 1 | References 2

Positive Technologies • added 2024/02/14 12:0 a.m. • 5 views

PT-2024-20871 · Redaxo · Redaxo

Name of the Vulnerable Software and Affected Versions: Redaxo version 5.15.1 Description: A remote code execution (RCE) issue was discovered in Redaxo via the component "/pages/templates.php". This allows for potential code execution by an attacker. Recommendations: For Redaxo version 5.15.1, as a...

CVSS 9 | AI score 7.2 | EPSS 0.10059
Exploits 2 | References 7

Prion • added 2012/08/13 8:55 p.m. • 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...

CVSS 4.3 | AI score 6.2 | EPSS 0.00446
Exploits 3 | References 5 | Affected Software 1