Vulnerabilities > Redaxo > Redaxo > 5.6.3

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-18200 SQL Injection vulnerability in Redaxo
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
network
low complexity
redaxo CWE-89
7.5
7.5
2018-10-09 CVE-2018-18199 Cross-site Scripting vulnerability in Redaxo
Mediamanager in REDAXO before 5.6.4 has XSS.
network
redaxo CWE-79
4.3
4.3
2018-10-09 CVE-2018-18198 Cross-site Scripting vulnerability in Redaxo 5.6.3
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page.
network
redaxo CWE-79
4.3
4.3