Advisories for Composer/Redaxo/Source package

2025

Stored XSS in REDAXO

Stored XSS in REDAXO 5.18.1 - Article / "content/edit".

REDAXO CMS Cross-site Scripting vulnerability

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.

2024

Redaxo Core CMS Cross Site Scripting (XSS)

The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges.

Path traversal in redaxo

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.