14 matches found
EUVD-2018-9577
Malware in sbrugna...
EUVD-2016-1751
Malware in sbrugna...
CVE-2024-25300
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section...
CVE-2024-25298
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php...
CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...
REDAXO allows Arbitrary File Upload in the mediapool page
Summary: An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details: On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...
GHSA-WPPF-GQJ5-FC4F REDAXO allows Arbitrary File Upload in the mediapool page
Summary: An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details: On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...
GHSA-7WJ8-856P-QC9M Stored XSS in REDAXO
Summary: Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details: On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact: A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...
Stored XSS in REDAXO
Summary: Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details: On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact: A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...
REDAXO security vulnerability
REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO v5.17.1, which originates from an arbitrary file upload in the MediaPool module, allowing an attacker to execute arbitrary code by uploading a crafted file...
Directory Traversal
redaxo/source is vulnerable to directory traversal. The vulnerability is due to insufficient validation of user input in the component /index.php?page=backup/export, allowing malicious actors to craft requests that traverse the file system and access unauthorized files and directories...
CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php...
PT-2024-20871 · Redaxo · Redaxo
Name of the Vulnerable Software and Affected Versions: Redaxo version 5.15.1. Description: A remote code execution (RCE) issue was discovered in Redaxo via the component "/pages/templates.php". This allows for potential code execution by an attacker. Recommendations: For Redaxo version 5.15.1, as a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...