Cross-Site Scripting Vulnerability in REDAXO by REDAXO GmbH
CVE-2012-3869

Currently unrated

Key Information:

Vendor: Redaxo
Status: Redaxo
Vendor: CVE Published:; 13 August 2012

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the REDAXO content management system, specifically within the include/classes/class.rex_list.inc.php file. This flaw allows remote attackers to inject arbitrary web scripts or HTML content through the subpage parameter in index.php, potentially leading to malicious client-side attacks. Users of REDAXO versions 4.3.x and 4.4 should be aware of this security risk and take necessary precautions to mitigate unauthorized access.

References

http://secunia.com/advisories/49904

third-party-advisoryx_refsource_SECUNIA

https://www.htbridge.com/advisory/HTB23098

x_refsource_MISC

http://www.redaxo.org/de/download/sicherheitshinweise/

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 13, 2012