Skip to main content

Redaxo CVE-2024-25300

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-02-14 cve@mitre.org
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 14, 2024 - 19:15 nvd
MEDIUM 4.8

DescriptionNVD

A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.

AnalysisAI

A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. Affected products include: Redaxo.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Redaxo

View all
CVE-2018-17831 CRITICAL POC
9.8 Oct 01

In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the

CVE-2025-64050 HIGH POC
7.2 Nov 25

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote auth

CVE-2024-46213 HIGH POC
7.2 Oct 16

REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Rated high severity (CVSS 7.2)

CVE-2024-25298 HIGH POC
7.2 Feb 17

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive inform

CVE-2024-25301 HIGH POC
7.2 Feb 14

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.

CVE-2021-39459 HIGH POC
7.2 Sep 09

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS u

CVE-2026-21857 MEDIUM POC
6.5 Jan 07

Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file w

CVE-2021-39458 MEDIUM POC
6.5 Sep 09

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS u

CVE-2025-27412 MEDIUM POC
6.1 Mar 05

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati

CVE-2025-66026 MEDIUM POC
6.1 Nov 26

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati

CVE-2018-18198 MEDIUM POC
6.1 Oct 09

The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is

CVE-2018-18200 CRITICAL
9.8 Oct 09

There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Rated critical severity (CVSS 9.8), this vulnerab

Share

CVE-2024-25300 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy