Filtered by vendor Redaxo
Subscriptions
Filtered by product Redaxo Cms
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64049 | 1 Redaxo | 2 Redaxo, Redaxo Cms | 2025-11-27 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module. | ||||
| CVE-2025-64050 | 1 Redaxo | 2 Redaxo, Redaxo Cms | 2025-11-27 | 7.2 High |
| A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template. | ||||
| CVE-2018-15850 | 1 Redaxo | 1 Redaxo Cms | 2024-11-21 | N/A |
| An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. | ||||
Page 1 of 1.