redaxo — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in redaxo, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-21857	Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read CWE-24	6.5	-	2026-01-07
CVE-2025-66026	REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types] CWE-79	6.1	Medium	2025-11-26
CVE-2025-27412	REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation CWE-79	6.1	Medium	2025-03-05
CVE-2025-27411	REDAXO allows Arbitrary File Upload in the mediapool page CWE-434	5.4	Medium	2025-03-05

All 4 known CVE vulnerabilities affecting redaxo with full Chinese analysis, references, and POCs where available.