Описание
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool view where the request parameter args[types] is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link while logged in. This issue has been patched in version 5.20.1.
Уязвимые конфигурации
Конфигурация 1Версия до 5.20.1 (исключая)
cpe:2.3:a:redaxo:redaxo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00056
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
3 месяца назад
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
EPSS
Процентиль: 18%
0.00056
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79