CVE-2025-66026

by Fred · 26/11/2025

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool view where the request parameter args[types] is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link while logged in. This issue has been patched in version 5.20.1.

More information : https://github.com/redaxo/redaxo/commit/58929062312cf03e344ab04067a365e6b6ee66aa

CVE-2025-66026

Similar

Recent Posts

Categories

CVE-2025-66026

Share this:

Similar

Recent Posts

Categories

Tags