Vulnerabilities > Redaxo > Redaxo > 5.6.2

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-18200 SQL Injection vulnerability in Redaxo
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
network
low complexity
redaxo CWE-89
7.5
7.5
2018-10-09 CVE-2018-18199 Cross-site Scripting vulnerability in Redaxo
Mediamanager in REDAXO before 5.6.4 has XSS.
network
redaxo CWE-79
4.3
4.3
2018-10-01 CVE-2018-17831 SQL Injection vulnerability in Redaxo
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter.
network
low complexity
redaxo CWE-89
7.5
7.5
2018-10-01 CVE-2018-17830 Cross-site Scripting vulnerability in Redaxo 5.6.2
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted).
network
redaxo CWE-79
3.5
3.5