An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.

A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.