Skip to content

Praison001/CVE-2024-50803-Redaxo

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 

Repository files navigation

CVE-2024-50803

Stored XSS in mediapool feature of Redaxo

A stored cross-site scripting (XSS) vulnerability was found in Redaxo versions < 5.18.0, allowing attackers with sufficient privileges to upload a malicious SVG file through the mediapool feature.

Published a write-up: https://medium.com/@praison66/5d15a3cd054d

Discovered by Praison, Sep 2024.

References: https://www.cve.org/CVERecord?id=CVE-2024-50803 https://github.com/redaxo/redaxo/releases/tag/5.18.0

Vulnerable versions: < 5.18.0

Fix: Update Redaxo to the latest version - 5.18.0

About

Stored XSS in mediapool feature of Redaxo

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published