CVE-2024-50803

MEDIUM

Redaxo < 5.18.0 - Stored Cross-Site Scripting in Mediapool Feature

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50803. PoCs published by Praison001.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2024-50803, a stored XSS vulnerability in Redaxo's mediapool feature. The vulnerability allows attackers with sufficient privileges to upload malicious SVG files, affecting versions prior to 5.18.0.

Description

The mediapool feature of the Redaxo Core CMS application v5.17.1 is vulnerable to Cross-Site Scripting (XSS), which allows a remote attacker to escalate privileges.

Exploits (1)

nomisec WRITEUP
by Praison001 · poc
https://github.com/Praison001/CVE-2024-50803-Redaxo

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Redaxo < 5.18.0
Auth required
Prerequisites: Sufficient privileges to upload files via mediapool
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0104
EPSS Percentile: 77.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2)
redaxo/redaxo 5.17.1
redaxo/source 0 - 5.18.0 (Packagist)
Published: Nov 19, 2024
Tracked Since: Feb 18, 2026