Cross-Site Scripting Vulnerability in REDAXO Media Pool
CVE-2018-17830

5.4MEDIUM

Key Information:

Vendor: Redaxo
Status: Redaxo
Vendor: CVE Published:; 1 October 2018

What is CVE-2018-17830?

In REDAXO 5.6.2, the $args variable within addons/mediapool/pages/index.php lacks proper filtering, allowing attackers to exploit it. The variable only restricts values but not names, leading to potential XSS attacks. Malicious actors could insert harmful scripts through specially crafted requests, compromising the security of the web application and potentially affecting users.

References

https://github.com/redaxo/redaxo4/issues/421

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2018
Vulnerability Reserved
Sep 30, 2018

Redaxo

What is CVE-2018-17830?

References

CVSS V3.1

Timeline