{
  "schema_version": "1.4.0",
  "id": "GHSA-8366-xmgf-334f",
  "modified": "2025-03-05T19:03:08Z",
  "published": "2025-03-05T19:03:08Z",
  "aliases": [
    "CVE-2025-27412"
  ],
  "summary": "REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation",
  "details": "### Summary\nReflected cross-site scripting (XSS) is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the malicious code is executed, potentially allowing the attacker to steal sensitive information or take control of the user's account.\n\n### Details\nOn the latest version of Redaxo, v5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns.\n\n### PoC\n1. Login Redaxo as administrative user.\n2. Navigate to the URL: [http://localhost/redaxo/index.php?page=packages&rex-api-call=package&&rex-api-result={%22succeeded%22%3Atrue%2C%22message%22%3A%22%3Cimg%20src=x%20onerror=alert(document.domain);%3E%22}](http://localhost/redaxo/index.php?page=packages&rex-api-call=package&&rex-api-result=%7B%22succeeded%22%3Atrue%2C%22message%22%3A%22%3Cimg%20src=x%20onerror=alert(document.domain);%3E%22%7D), the XSS executes.\n\n![2025-02-14_13-45](https://github.com/user-attachments/assets/1cb0f01a-7562-473b-8101-1bc59532e746)\n\n\n### Impact\nThis can lead to various security risks, including session hijacking, phishing attacks and malware distribution. History page visible to administrative user and when an administrator views the infected page, the attacker may gain elevated privileges, further compromising the system.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "redaxo/source"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.18.3"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-8366-xmgf-334f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27412"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/redaxo/redaxo"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-05T19:03:08Z",
    "nvd_published_at": "2025-03-05T16:15:40Z"
  }
}