Filtered by vendor Redaxo
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39458 | 1 Redaxo | 1 Redaxo | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables. | |||||
| CVE-2018-18198 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. | |||||
| CVE-2018-18199 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mediamanager in REDAXO before 5.6.4 has XSS. | |||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2018-11-15 | 3.5 LOW | 5.4 MEDIUM |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | |||||