Redaxo@* Security Vulnerabilities and Issues — Redaxo@* CVE List

Lucene search

RedaxoRedaxo*

5 matches found

CVE•added 2025/03/05 4:15 p.m.•81 views

CVE-2025-27412

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3.

6.1CVSS6AI score0.0004EPSS

CVE•added 2025/03/05 4:15 p.m.•60 views

CVE-2025-27411

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3.

5.4CVSS7AI score0.00036EPSS

CVE•added 2018/10/09 10:29 p.m.•37 views

CVE-2018-18200

There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2018/10/01 8:29 a.m.•35 views

CVE-2018-17831

In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.

9.8CVSS9.8AI score0.00418EPSS

CVE•added 2018/10/09 10:29 p.m.•30 views

CVE-2018-18199

Mediamanager in REDAXO before 5.6.4 has XSS.

6.1CVSS6.2AI score0.00266EPSS