Moderate severity · NVD Advisory · Published Mar 5, 2025 · Updated Mar 5, 2025
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
CVE-2025-27412
Description
REDAXO is a PHP-based CMS. In REDAXO versions 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to reflected cross-site scripting (XSS) on the AddOns page; the parameter value is reflected into the response without adequate output encoding, and the issue is reachable by an authenticated user. This vulnerability is fixed in 5.18.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| redaxo/source (Packagist) | >= 5.0.0, < 5.18.3 | 5.18.3 |
Affected products: 1
Patches: 0
No patches discovered yet.
References: 3
- github.com/advisories/GHSA-8366-xmgf-334f (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-27412 (NVD advisory)
- github.com/redaxo/redaxo/security/advisories/GHSA-8366-xmgf-334f (vendor advisory, x_refsource_CONFIRM)