CVE-2025-64049 in Redaxoinfo

Zusammenfassung

von MITRE • 25.11.2025

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

MITRE

Reservieren

27.10.2025

Veröffentlichung

25.11.2025

Moderieren

akzeptiert

Eintrag

VDB-333505

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

3.5 (VulDB)

EPSS

0.00038

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider, Lawfirm, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-64049
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-64049
CVE Details	https://www.cvedetails.com/cve/CVE-2025-64049/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!