Vulnerabilities > Redaxo > Redaxo > 4.2

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-18200 SQL Injection vulnerability in Redaxo
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
network
low complexity
redaxo CWE-89
critical
 9.8
9.8
2018-10-09 CVE-2018-18199 Cross-site Scripting vulnerability in Redaxo
Mediamanager in REDAXO before 5.6.4 has XSS.
network
low complexity
redaxo CWE-79
6.1
6.1
2018-10-01 CVE-2018-17831 SQL Injection vulnerability in Redaxo
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter.
network
low complexity
redaxo CWE-89
critical
 9.8
9.8