[MEDIUM] REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

PKSA-76dy-z23y-9p4c CVE-2025-27412 GHSA-8366-xmgf-334f

Affected version: >=5.0.0,<5.18.3

Reported by:
GitHub

[MEDIUM] REDAXO allows Arbitrary File Upload in the mediapool page

PKSA-t5ch-tqpp-j3n9 CVE-2025-27411 GHSA-wppf-gqj5-fc4f

Affected version: <5.18.3

Reported by:
GitHub