REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool view where the request parameter args[types] is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link while logged in. This issue has been patched in version 5.20.1.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| redaxo/source(Packagist) | 0 | 5.20.1 | N/A |
CVSS Metrics
