CVE-2018-18198

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
2
PROJECTS

Description

The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.

redaxo/redaxo4
redaxo/redaxo4
REDAXO 4
GitHubGitHub
42
redaxo/core
redaxo/core
REDAXO, a PHP-based CMS since 2004. Both simple and flexible.
GitHubGitHub
348