Security Advisories - redaxo/source - Packagist

redaxo/source Security Advisories for 5.18.1 (3)

[MEDIUM] REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

PKSA-76dy-z23y-9p4c CVE-2025-27412 GHSA-8366-xmgf-334f

Affected version: >=5.0.0,<5.18.3

Reported by:
GitHub
[MEDIUM] REDAXO allows Arbitrary File Upload in the mediapool page

PKSA-t5ch-tqpp-j3n9 CVE-2025-27411 GHSA-wppf-gqj5-fc4f

Affected version: <5.18.3

Reported by:
GitHub
[MEDIUM] Stored XSS in REDAXO

PKSA-njhr-8v9z-nrm1 CVE-2024-13209 GHSA-7wj8-856p-qc9m

Affected version: >=5.12.0-beta1,<=5.18.1

Reported by:
GitHub