CVE-2024-50803

MEDIUM

Redaxo < 5.18.0 - XSS

Title source: rule

Description

The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges

Exploits (1)

nomisec WRITEUP

by Praison001 · poc

https://github.com/Praison001/CVE-2024-50803-Redaxo

View Code ZIP pw:eip

References (3)

[Product] http://redaxo-core.com

[Product] http://redaxo.com

[Third Party Advisory] https://github.com/Praison001/CVE-2024-50803-Redaxo

Scores

CVSS v3 5.4

EPSS 0.0104

EPSS Percentile 77.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

redaxo/redaxo 5.17.1

redaxo/source 0 - 5.18.0Packagist

Published Nov 19, 2024

Tracked Since Feb 18, 2026