CVE-2024-13209

Medium CVSS: 5.1

A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Redaxo

Product

Redaxo

CWE

CWE-79

Yayın Tarihi

2025-01-09 04:15:11

Güncelleme

2025-06-24 14:30:10

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Redaxo MEDIUM Redaxo 2025

Referanslar

https://geochen.medium.com/redaxo-cms-5-18-1-cross-site-scripting-7c9a872c72f6 https://vuldb.com/?ctiid.290814 https://vuldb.com/?id.290814 https://vuldb.com/?submit.466396

Benzer Kayıtlar

High

CVE-2026-21857

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions ca…

Medium

CVE-2025-66026

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the M…

Medium

CVE-2025-64049

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote…

High

CVE-2025-64050

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote auth…

Medium

CVE-2025-27411

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. Thi…

Medium

CVE-2025-27412

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected…