CVE-2025-64049

Medium CVSS: 4.8

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module.

Vendor

Redaxo

Product

Redaxo

CWE

CWE-79

Yayın Tarihi

2025-11-25 16:16:07

Güncelleme

2025-12-03 17:06:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Redaxo MEDIUM Redaxo 2025

Referanslar

https://drive.google.com/drive/folders/1SpwL548ZBRYU_uL8W7Riv7VHshr2UN0R?usp=sharing https://github.com/redaxo/redaxo https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64049.md

Benzer Kayıtlar

High

CVE-2026-21857

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions ca…

Medium

CVE-2025-66026

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the M…

High

CVE-2025-64050

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote auth…

Medium

CVE-2025-27411

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. Thi…

Medium

CVE-2025-27412

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected…

High

CVE-2024-46210

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitra…