0Xadik

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 6.8.100 **Description** A Stored XSS issue exists due to improper sanitization of user input in the `Name` field. This allows for the storage of malicious scripts, which can be executed when the stored data is retrieved. **Recommendations** For versions prior to 6.8.100, update to version 6.8.100 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Redaxo versions prior to 5.18.3 **Description** The issue concerns arbitrary file upload in the mediapool/media page of the Redaxo CMS. This vulnerability has been fixed in version 5.18.3. **Recommendations** For versions prior to 5.18.3, update to version 5.18.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** REDAXO versions 5.0.0 through 5.18.2 **Description** The issue concerns a Reflected cross-site scripting (XSS) vulnerability in the `rex-api-result` parameter on the AddOns page. **Recommendations** For versions 5.0.0 through 5.18.2, update to version 5.18.3 to resolve the issue.