CVE-2025-64049

Name of the Vulnerable Software and Affected Versions REDAXO CMS version 5.20.0

Description A stored cross-site scripting (XSS) issue exists in the module management component of REDAXO CMS. A remote user can inject arbitrary web script or HTML through the Output code field within modules. This injected code is executed when a user views or edits an article that includes a slice utilizing the affected module.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.