Количество 2
Количество 2
CVE-2025-66026
REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool view where the request parameter args[types] is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link while logged in. This issue has been patched in version 5.20.1.
GHSA-x6vr-q3vf-vqgq
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-66026 REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool view where the request parameter args[types] is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link while logged in. This issue has been patched in version 5.20.1. | CVSS3: 6.1 | 0% Низкий | 3 месяца назад |
| GHSA-x6vr-q3vf-vqgq REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types] | CVSS3: 6.1 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу