Filtered by vendor Redaxo
Filtered by product Redaxo
Total: 22 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-27412 | 1 Redaxo | 1 Redaxo | 2025-07-01 | 6.1 Medium |
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3. | ||||
CVE-2025-27411 | 1 Redaxo | 1 Redaxo | 2025-07-01 | 5.4 Medium |
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3. | ||||
CVE-2024-13209 | 1 Redaxo | 1 Redaxo | 2025-06-24 | 2.4 Low |
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-46212 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 4.9 Medium |
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | ||||
CVE-2024-50803 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 6.1 Medium |
The mediapool feature of the Redaxo Core CMS application v5.17.1 is vulnerable to cross-site scripting (XSS), which allows a remote attacker to escalate privileges. | ||||
CVE-2024-46209 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter. | ||||
CVE-2024-46210 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 7.2 High |
An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
CVE-2024-46213 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 7.2 High |
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
CVE-2024-25301 | 1 Redaxo | 1 Redaxo | 2025-05-12 | 7.2 High |
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | ||||
CVE-2012-3869 | 1 Redaxo | 1 Redaxo | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. | ||||
CVE-2006-2843 | 1 Redaxo | 1 Redaxo | 2025-04-03 | N/A |
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. | ||||
CVE-2006-2844 | 1 Redaxo | 1 Redaxo | 2025-04-03 | N/A |
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. | ||||
CVE-2006-2845 | 1 Redaxo | 1 Redaxo | 2025-04-03 | N/A |
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. | ||||
CVE-2024-25300 | 1 Redaxo | 1 Redaxo | 2025-03-13 | 4.6 Medium |
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | ||||
CVE-2024-25298 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 7.2 High |
An issue discovered in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | ||||
CVE-2021-39459 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 7.2 High |
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | ||||
CVE-2021-39458 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 6.5 Medium |
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables. | ||||
CVE-2018-18200 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | ||||
CVE-2018-18199 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
Mediamanager in REDAXO before 5.6.4 has XSS. | ||||
CVE-2018-18198 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. |