Security Advisories - redaxo/source

redaxo/source Security Advisories for 5.13.1 (13)

[LOW] REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)

PKSA-ps7n-211c-nz3j GHSA-xq4j-g85q-wf97

Affected version: <5.21.0

Reported by:
GitHub
[LOW] REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required)

PKSA-4w67-7bxw-yj96 GHSA-m662-8jrj-cw6v

Affected version: <5.21.0

Reported by:
GitHub
[HIGH] Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

PKSA-h8yt-8rph-k3h8 CVE-2026-21857 GHSA-824x-88xg-cwrv

Affected version: <=5.20.1

Reported by:
GitHub
[MEDIUM] REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

PKSA-dcqq-vjpq-jyz4 CVE-2025-66026 GHSA-x6vr-q3vf-vqgq

Affected version: <5.20.1

Reported by:
GitHub
[MEDIUM] REDAXO CMS is vulnerable to XSS through its module management component

PKSA-wmbc-n846-7h2f CVE-2025-64049 GHSA-vqc7-7fj4-3fm3

Affected version: <5.20.1

Reported by:
GitHub
[HIGH] REDAXO CMS is vulnerable to RCE attack through its template management component

PKSA-wnfn-tqc3-fmcx CVE-2025-64050 GHSA-xj9j-gjxg-7jvq

Affected version: <5.20.1

Reported by:
GitHub
[MEDIUM] REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

PKSA-76dy-z23y-9p4c CVE-2025-27412 GHSA-8366-xmgf-334f

Affected version: >=5.0.0,<5.18.3

Reported by:
GitHub
[MEDIUM] REDAXO allows Arbitrary File Upload in the mediapool page

PKSA-t5ch-tqpp-j3n9 CVE-2025-27411 GHSA-wppf-gqj5-fc4f

Affected version: <5.18.3

Reported by:
GitHub
[MEDIUM] Stored XSS in REDAXO

PKSA-njhr-8v9z-nrm1 CVE-2024-13209 GHSA-7wj8-856p-qc9m

Affected version: >=5.12.0-beta1,<=5.18.1

Reported by:
GitHub
[LOW] REDAXO CMS Cross-site Scripting vulnerability

PKSA-r1p5-d5cc-v5v1 CVE-2024-46209 GHSA-2p95-8xvm-2pjx

Affected version: <=5.17.1

Reported by:
GitHub
[MEDIUM] Redaxo Core CMS Cross Site Scripting (XSS)

PKSA-dp3c-dd93-8dhf CVE-2024-50803 GHSA-m5vv-7jxc-8p6x

Affected version: <5.18.0

Reported by:
GitHub
[MEDIUM] Path traversal in redaxo

PKSA-v8r2-shtd-c5bm CVE-2024-46212 GHSA-37gm-h5wr-pf25

Affected version: <=5.17.1

Reported by:
GitHub
[HIGH] Code injection in REDAXO

PKSA-8xbx-ff98-hq82 CVE-2024-25298 GHSA-7f2v-5877-rx3x

Affected version: <=5.15.1

Reported by:
GitHub

redaxo/source Security Advisories for 5.13.1 (13)

[LOW] REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)

[LOW] REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required)

[HIGH] Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

[MEDIUM] REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

[MEDIUM] REDAXO CMS is vulnerable to XSS through its module management component

[HIGH] REDAXO CMS is vulnerable to RCE attack through its template management component

[MEDIUM] REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

[MEDIUM] REDAXO allows Arbitrary File Upload in the mediapool page

[MEDIUM] Stored XSS in REDAXO

[LOW] REDAXO CMS Cross-site Scripting vulnerability

[MEDIUM] Redaxo Core CMS Cross Site Scripting (XSS)

[MEDIUM] Path traversal in redaxo

[HIGH] Code injection in REDAXO