Medium severity6.1OSV Advisory· Published Oct 9, 2018· Updated Jun 17, 2026
CVE-2018-18198
CVE-2018-18198
Description
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/redaxo/redaxo4/issues/422nvdExploitPatchThird Party Advisory
- github.com/redaxo/redaxo/releases/tag/5.6.4nvdVendor Advisory
News mentions
0No linked articles in our index yet.