redaxo/source Security Advisories for 5.18.2 (5)
-
[MEDIUM] REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
PKSA-dcqq-vjpq-jyz4 CVE-2025-66026 GHSA-x6vr-q3vf-vqgq
Affected version: <5.20.1
Reported by:
GitHub -
[MEDIUM] REDAXO CMS is vulnerable to XSS through its module management component
PKSA-wmbc-n846-7h2f CVE-2025-64049 GHSA-vqc7-7fj4-3fm3
Affected version: <5.20.1
Reported by:
GitHub -
[HIGH] REDAXO CMS is vulnerable to RCE attack through its template management component
PKSA-wnfn-tqc3-fmcx CVE-2025-64050 GHSA-xj9j-gjxg-7jvq
Affected version: <5.20.1
Reported by:
GitHub -
[MEDIUM] REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
PKSA-76dy-z23y-9p4c CVE-2025-27412 GHSA-8366-xmgf-334f
Affected version: >=5.0.0,<5.18.3
Reported by:
GitHub -
[MEDIUM] REDAXO allows Arbitrary File Upload in the mediapool page
PKSA-t5ch-tqpp-j3n9 CVE-2025-27411 GHSA-wppf-gqj5-fc4f
Affected version: <5.18.3
Reported by:
GitHub