REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| redaxo/source(Packagist) | 5.0.0 | 5.18.3 | N/A |
CVSS Metrics
