Redaxo Core CMS Cross Site Scripting (XSS)
The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges.
Advisories for Composer/Redaxo/Source package
2024
Path traversal in redaxo
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.