CVE-2024-46209

MEDIUM

Redaxo - XSS

Title source: rule

Description

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.

Exploits (1)

nomisec WRITEUP

by h4ckr4v3n · poc

https://github.com/h4ckr4v3n/CVE-2024-46209

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/h4ckr4v3n/CVE-2024-46209/blob/main/REDAXO%20Stored%20XSS%20%2B%20RCE.pdf

[Third Party Advisory] https://github.com/h4ckr4v3n/research_redaxo_5_17_1.git

Scores

CVSS v3 5.4

EPSS 0.0034

EPSS Percentile 56.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

redaxo/redaxo 5.17.1

redaxo/source 0Packagist

Published Jan 06, 2025

Tracked Since Feb 18, 2026