redaxo/source vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| GHSA-XQ4J-G85Q-WF97 | Low | redaxo/source: REDAXO has reflected XSS backend packages API via function parameter (CSRF token required) |
| GHSA-M662-8JRJ-CW6V | Low | redaxo/source: REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required) |
| CVE-2026-21857 | High | redaxo/source: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read |
| CVE-2025-66026 | Medium | redaxo/source: REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types] |
| CVE-2025-64049 | Medium | redaxo/source: REDAXO CMS is vulnerable to XSS through its module management component |
| CVE-2025-64050 | High | redaxo/source: REDAXO CMS is vulnerable to RCE attack through its template management component |
| CVE-2025-27412 | Medium | redaxo/source: REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation |
| CVE-2025-27411 | Medium | redaxo/source: REDAXO allows Arbitrary File Upload in the mediapool page |
| CVE-2024-13209 | Medium | redaxo/source: Stored XSS in REDAXO |
| CVE-2024-46209 | Low | redaxo/source: REDAXO CMS Cross-site Scripting vulnerability |
| CVE-2024-50803 | Medium | redaxo/source: Redaxo Core CMS Cross Site Scripting (XSS) |
| CVE-2024-46212 | Medium | redaxo/source: Path traversal in redaxo |
| CVE-2024-25298 | High | redaxo/source: Code injection in REDAXO |
