ghsa-8366-xmgf-334f
Vulnerability from github
Published: 2025-03-05 19:03
Modified: 2025-03-05 19:03
Summary: REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
Details

Summary

Reflected cross-site scripting (XSS) is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the malicious code is executed, potentially allowing the attacker to steal sensitive information or take control of the user's account.

Details

In REDAXO v5.18.2 (the latest version at the time of the report), the rex-api-result parameter is vulnerable to reflected cross-site scripting (XSS) on the AddOns (packages) page.

PoC

  1. Log in to REDAXO as an administrative user.
  2. Navigate to the URL http://localhost/redaxo/index.php?page=packages&rex-api-call=package&&rex-api-result={%22succeeded%22%3Atrue%2C%22message%22%3A%22%3Cimg%20src=x%20onerror=alert(document.domain);%3E%22}; the XSS executes.

[Screenshot: 2025-02-14_13-45]

Impact

This can lead to various security risks, including session hijacking, phishing attacks and malware distribution. The history page is visible to administrative users, and when an administrator views the infected page, the attacker may gain elevated privileges, further compromising the system.
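The advisory describes a result object passed through the query string whose "message" field is reflected into the AddOns page. As an added illustration (this is not REDAXO's own code; the function names, the HTML template and the sample inputs are hypothetical), the following PHP shows the rendering pattern that produces this class of bug next to a hardened version that validates the decoded shape and HTML-encodes the message before it reaches the browser:

```php
<?php
// Added example, not REDAXO's code. Function names and the alert template
// are hypothetical; the inputs below are constructed for demonstration.

declare(strict_types=1);

/**
 * Vulnerable pattern: the "message" field of a caller-controlled JSON
 * document is concatenated into HTML verbatim, so any markup it contains
 * is parsed by the browser. This is the shape of a reflected XSS bug.
 */
function render_result_unsafe(string $raw): string
{
    $result = json_decode($raw, true);
    if (!is_array($result)) {
        return '';
    }
    $class = !empty($result['succeeded']) ? 'alert-success' : 'alert-danger';
    return '<div class="alert ' . $class . '">' . $result['message'] . '</div>';
}

/**
 * Hardened pattern: reject anything that is not the expected shape, coerce
 * each field to the type the template needs, and escape the message for an
 * HTML text context. ENT_QUOTES also covers attribute contexts and
 * ENT_SUBSTITUTE keeps invalid UTF-8 from silently producing an empty string.
 */
function render_result_safe(string $raw): string
{
    $result = json_decode($raw, true, 8, JSON_INVALID_UTF8_SUBSTITUTE);
    if (!is_array($result)
        || !array_key_exists('message', $result)
        || !is_string($result['message'])) {
        return ''; // unexpected shape: render nothing rather than guessing
    }
    $succeeded = filter_var($result['succeeded'] ?? false, FILTER_VALIDATE_BOOLEAN);
    $class = $succeeded ? 'alert-success' : 'alert-danger';
    $message = htmlspecialchars(
        $result['message'],
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<div class="alert ' . $class . '">' . $message . '</div>';
}

// Constructed sample inputs standing in for the decoded query-string value.
$benign  = json_encode(['succeeded' => true, 'message' => 'Package installed.']);
$hostile = json_encode([
    'succeeded' => true,
    'message'   => '<img src=x onerror=alert(document.domain)>', // payload from the advisory
]);

echo render_result_unsafe($benign),  PHP_EOL; // plain text, identical in both versions
echo render_result_unsafe($hostile), PHP_EOL; // the <img> tag is emitted as live markup
echo render_result_safe($hostile),   PHP_EOL; // emitted as &lt;img ...&gt;, shown as text
```

Escaping at the output sink is the fix the CWE-79 classification points at; the `succeeded` flag is also normalised so that the only place an untrusted value lands in the template is the encoded message. A further design choice worth considering for this kind of flow is not to round-trip the result object through the URL at all, but to keep it server-side (for example in the session) and reference it by an opaque id, which removes the reflection point rather than just neutralising it.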



{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "redaxo/source"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.18.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-05T19:03:08Z",
    "nvd_published_at": "2025-03-05T16:15:40Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nReflected cross-site scripting (XSS) is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application\u0027s response to a user\u0027s request. When the user\u0027s browser receives the response, the malicious code is executed, potentially allowing the attacker to steal sensitive information or take control of the user\u0027s account.\n\n### Details\nOn the latest version of Redaxo, v5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns.\n\n### PoC\n1. Login Redaxo as administrative user.\n2. Navigate to the URL: [http://localhost/redaxo/index.php?page=packages\u0026rex-api-call=package\u0026\u0026rex-api-result={%22succeeded%22%3Atrue%2C%22message%22%3A%22%3Cimg%20src=x%20onerror=alert(document.domain);%3E%22}](http://localhost/redaxo/index.php?page=packages\u0026rex-api-call=package\u0026\u0026rex-api-result=%7B%22succeeded%22%3Atrue%2C%22message%22%3A%22%3Cimg%20src=x%20onerror=alert(document.domain);%3E%22%7D), the XSS executes.\n\n![2025-02-14_13-45](https://github.com/user-attachments/assets/1cb0f01a-7562-473b-8101-1bc59532e746)\n\n\n### Impact\nThis can lead to various security risks, including session hijacking, phishing attacks and malware distribution. History page visible to administrative user and when an administrator views the infected page, the attacker may gain elevated privileges, further compromising the system.",
  "id": "GHSA-8366-xmgf-334f",
  "modified": "2025-03-05T19:03:08Z",
  "published": "2025-03-05T19:03:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-8366-xmgf-334f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27412"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/redaxo/redaxo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation"
}

