CVE-2025-64049

Published November 25th, 2025

View on NVD ↗

CVSS v3

4.8

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module.

redaxo/core

REDAXO, a PHP-based CMS since 2004. Both simple and flexible.

GitHub

348

vettrivel007/CVE-Disclosures

A repository documenting security vulnerabilities discovered in Free and Open Source Software (FOSS) by VETTRIVEL U

GitHub