Vulnerabilities > Redaxo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2024-25300 | Cross-site Scripting vulnerability in Redaxo 5.15.1 A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | 4.8 |
| 2021-09-09 | CVE-2021-39458 | Information Exposure Through an Error Message vulnerability in Redaxo 5.12.1 Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. | 4.0 |
| 2018-10-09 | CVE-2018-18199 | Cross-site Scripting vulnerability in Redaxo Mediamanager in REDAXO before 5.6.4 has XSS. | 4.3 |
| 2018-10-09 | CVE-2018-18198 | Cross-site Scripting vulnerability in Redaxo 5.6.3 The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. | 4.3 |
| 2018-08-25 | CVE-2018-15850 | Cross-Site Request Forgery (CSRF) vulnerability in Redaxo CMS 4.7.2 An issue was discovered in REDAXO CMS 4.7.2. | 6.8 |
| 2012-08-13 | CVE-2012-3869 | Cross-Site Scripting vulnerability in Redaxo Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. | 4.3 |