Filtered by vendor Redaxo
Subscribe
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27411 | 1 Redaxo | 1 Redaxo | 2025-07-01 | N/A | N/A |
| REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3. | |||||
| CVE-2025-27412 | 1 Redaxo | 1 Redaxo | 2025-07-01 | N/A | N/A |
| REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3. | |||||
| CVE-2024-13209 | 1 Redaxo | 1 Redaxo | 2025-06-24 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-46212 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | N/A |
| An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | |||||
| CVE-2024-50803 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | N/A |
| The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges | |||||
| CVE-2024-46209 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | N/A |
| A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter. | |||||
| CVE-2024-46210 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | N/A |
| An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-46213 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | N/A |
| REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | |||||
| CVE-2024-25301 | 1 Redaxo | 1 Redaxo | 2025-05-12 | N/A | 7.2 HIGH |
| Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | |||||
| CVE-2024-25300 | 1 Redaxo | 1 Redaxo | 2025-03-13 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | |||||
| CVE-2024-25298 | 1 Redaxo | 1 Redaxo | 2024-08-29 | N/A | 7.2 HIGH |
| An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | |||||
| CVE-2021-39458 | 1 Redaxo | 1 Redaxo | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables. | |||||
| CVE-2021-39459 | 1 Redaxo | 1 Redaxo | 2022-03-31 | 9.0 HIGH | 7.2 HIGH |
| Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | |||||
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | |||||
| CVE-2018-18198 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. | |||||
| CVE-2018-18200 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | |||||
| CVE-2018-18199 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mediamanager in REDAXO before 5.6.4 has XSS. | |||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2018-11-15 | 3.5 LOW | 5.4 MEDIUM |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | |||||
| CVE-2006-2844 | 1 Redaxo | 1 Redaxo | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. | |||||
| CVE-2006-2843 | 1 Redaxo | 1 Redaxo | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. | |||||