CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 3CVE-2012-3869 – Redaxo 4.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en include/classes/class.rex_list.inc.php en REDAXO v4.3.x y v4.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'subpage' a index.php. Redaxo version 4.4 suffers from a cross site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0142.html http://secunia.com/advisories/49904 http://www.redaxo.org/de/download/sicherheitshinweise http://www.securityfocus.com/bid/54670 https://www.htbridge.com/advisory/HTB23098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 1CVE-2006-2845 – Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2845
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. • https://www.exploit-db.com/exploits/1861 http://secunia.com/advisories/20395 http://securityreason.com/securityalert/1043 http://securitytracker.com/id?1016213 http://www.securityfocus.com/archive/1/435733/100/0/threaded http://www.securityfocus.com/bid/18229 http://www.vupen.com/english/advisories/2006/2109 https://exchange.xforce.ibmcloud.com/vulnerabilities/26887 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2006-2843 – Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2843
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. • https://www.exploit-db.com/exploits/1861 http://secunia.com/advisories/20408 http://securityreason.com/securityalert/1043 http://securitytracker.com/id?1016213 http://www.securityfocus.com/archive/1/435733/100/0/threaded http://www.securityfocus.com/bid/18229 http://www.vupen.com/english/advisories/2006/2109 https://exchange.xforce.ibmcloud.com/vulnerabilities/26887 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2006-2844 – Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2844
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. • https://www.exploit-db.com/exploits/1861 http://secunia.com/advisories/20395 http://securityreason.com/securityalert/1043 http://securitytracker.com/id?1016213 http://www.securityfocus.com/archive/1/435733/100/0/threaded http://www.securityfocus.com/bid/18229 http://www.vupen.com/english/advisories/2006/2109 https://exchange.xforce.ibmcloud.com/vulnerabilities/26887 •