Advisories for Composer/Redaxo/Source package

2025

REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

Reflected cross-site scripting (XSS) is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the malicious code is executed, potentially allowing the attacker to steal sensitive information or take control of the user's account.

REDAXO allows Arbitrary File Upload in the mediapool page

An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware.

Stored XSS in REDAXO

Stored XSS in REDAXO 5.18.1 - Article / "content/edit".

REDAXO CMS Cross-site Scripting vulnerability

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.

2024

Redaxo Core CMS Cross Site Scripting (XSS)

The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges.

Path traversal in redaxo

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.