Vulnerabilities > Redaxo > Redaxo > 5.15.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-17 | CVE-2024-25298 | Code Injection vulnerability in Redaxo 5.15.1 An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | 7.2 |
2024-02-14 | CVE-2024-25300 | Cross-site Scripting vulnerability in Redaxo 5.15.1 A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | 4.8 |
2024-02-14 | CVE-2024-25301 | Code Injection vulnerability in Redaxo 5.15.1 Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | 7.2 |