## https://sploitus.com/exploit?id=2194DAE0-FFFE-51A2-8547-07A460FD6A84
# CVE-Disclosures
Welcome to the CVE disclosures section of this repository! Here, you'll find a list of potential security vulnerabilities that I have discovered while working on Free Open Source Software (FOSS) applications.
# CVEs I Have Discovered
Below is a list of all the CVEs that I have discovered.
# Security Findings
| CVE ID | Description |
|--------|-------------|
| **CVE-2025-64049** | A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module. |
| **CVE-2025-64050** | A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template. |
**Researcher**: VETTRIVEL U
[LinkedIn Profile - VETTRIVEL U ](https://www.linkedin.com/in/vettrivel2006)