5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-13209

GHSA ID

GHSA-7wj8-856p-qc9m

EPSS Score

0.15123%

CWE

CWE-79

Published

2/10/2025

Updated

2/10/2025

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-13209

CVE-2024-13209: Stored XSS in REDAXO

Summary

Stored XSS in REDAXO 5.18.1 - Article / "content/edit".

Details

On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS.

Impact

A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-13209

CVE-2024-13209:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-13209

GHSA ID

GHSA-7wj8-856p-qc9m

EPSS Score

0.15123%

CWE

CWE-79

Published

2/10/2025

Updated

2/10/2025

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
redaxo/source	composer	>= 5.12.0-beta1, <= 5.18.1	5.18.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the article name field value being used in HTML output without proper escaping. The commit shows:

A @psalm-taint-source annotation was added to getName(), marking it as an input source requiring sanitization
The actual XSS occurred in content.php where $OOArt->getName() was used in rex_view::title() without escaping
The fix added rex_escape() around the getName() call in content.php

While the direct vulnerable usage is in content.php, the root cause function is getName() in structure_element.php as it provides raw user-controlled data to output contexts. The high confidence comes from the commit explicitly marking getName() as a taint source and the XSS proof-of-concept demonstrating its unescaped usage.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-13209: Stored XSS in REDAXO

Summary

Details

Impact

CVE-2024-13209:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

5.4

5.4

Basic Information

Basic Information

CVE-2024-13209: Stored XSS in REDAXO

Summary

Details

Impact

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI