N/A - CVE-2025-27412

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2025-27412	First vendor Publication	2025-03-05
Vendor	Cve	Last vendor Modification	2025-07-01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27412

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Redaxo cpe:2.3:a:redaxo:redaxo:5.6.3:::::::* cpe:2.3:a:redaxo:redaxo:5.6.2:::::::* cpe:2.3:a:redaxo:redaxo:5.18.1:::::::* cpe:2.3:a:redaxo:redaxo:5.17.1:::::::* cpe:2.3:a:redaxo:redaxo:5.15.1:::::::* cpe:2.3:a:redaxo:redaxo:5.12.1:::::::* cpe:2.3:a:redaxo:redaxo:4.4:::::::* cpe:2.3:a:redaxo:redaxo:4.3.3:::::::* cpe:2.3:a:redaxo:redaxo:4.3.2:::::::* cpe:2.3:a:redaxo:redaxo:4.3.1:::::::* cpe:2.3:a:redaxo:redaxo:4.3:::::::* cpe:2.3:a:redaxo:redaxo:3.2:::::::* cpe:2.3:a:redaxo:redaxo:3.0:::::::* cpe:2.3:a:redaxo:redaxo:2.7.4:::::::* cpe:2.3:a:redaxo:redaxo:2.11.0:::::::* cpe:2.3:a:redaxo:redaxo::::::::	16