redaxo/redaxo4

redaxo/redaxo4

Releases29

Frequency6 months 1 day

Last Release over 7 years ago

Stars42

REDAXO 4

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-18198 ↗	Oct 9, 2018Tuesday, 9 October 2018, 22:29	—	4.3 MEDIUM
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
CVE-2018-17830 ↗	Oct 1, 2018Monday, 1 October 2018, 08:29	—	3.5 LOW
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.
CVE-2018-15850 ↗	Aug 25, 2018Saturday, 25 August 2018, 21:29	—	6.8 MEDIUM
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.