Vulnerabilities > Redaxo > Redaxo > 5.15.1

DATE CVE VULNERABILITY TITLE RISK
2024-02-17 CVE-2024-25298 Code Injection vulnerability in Redaxo 5.15.1
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.
network
low complexity
redaxo CWE-94
7.2
7.2
2024-02-14 CVE-2024-25300 Cross-site Scripting vulnerability in Redaxo 5.15.1
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
network
low complexity
redaxo CWE-79
4.8
4.8
2024-02-14 CVE-2024-25301 Code Injection vulnerability in Redaxo 5.15.1
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
network
low complexity
redaxo CWE-94
7.2
7.2