CVE-2012-3869

Name of the Vulnerable Software and Affected Versions REDAXO versions 4.3.x through 4.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the subpage parameter to the "index.php" endpoint.

Recommendations For versions 4.3.x through 4.4, update to a version that fixes this issue. If no specific fix is provided for these versions, ensure to sanitize user input for the subpage parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the "index.php" endpoint until a patch is available.