Browse all 6 CVE security advisories affecting Redaxo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Redaxo is a flexible content management system designed for building websites and applications. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with six CVEs documented. The platform's modular architecture introduces potential risks through third-party extensions. While no major security incidents have been widely reported, the consistent discovery of vulnerabilities in core components and plugins indicates ongoing security challenges. Users should implement strict input validation and keep systems updated to mitigate risks associated with this CMS.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-20053 | Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint — Redaxo CMS (CWE-352) | 5.3 | Medium | 2026-04-04 |
| CVE-2026-21857 | Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read — redaxo (CWE-24) | 6.5 | - | 2026-01-07 |
| CVE-2025-66026 | REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types] — redaxo (CWE-79) | 6.1 | Medium | 2025-11-26 |
| CVE-2025-27412 | REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation — redaxo (CWE-79) | 6.1 | Medium | 2025-03-05 |
| CVE-2025-27411 | REDAXO allows Arbitrary File Upload in the mediapool page — redaxo (CWE-434) | 5.4 | Medium | 2025-03-05 |
| CVE-2024-13209 | Redaxo CMS Structure Management Page index.php cross site scripting — CMS (CWE-79) | 2.4 | Low | 2025-01-09 |
This page lists every published CVE security advisory associated with Redaxo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.