Filtered by vendor Redaxo
Subscriptions
Filtered by product Redaxo
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | ||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | ||||