CVE-2024-13209: 
PHP vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Redaxo CMS version 5.18.1. The vulnerability affects the article name field in the Structure Management Page component, specifically in the file path '/index.php?page=structure&categoryid=1&articleid=1&clang=1&function=edit_art&artstart=0'. The vulnerability was disclosed on December 19, 2024, and was assigned CVE-2024-13209 (Medium Article).

The vulnerability is classified as a stored cross-site scripting (XSS) issue that occurs when creating an article name in the content management system. The CVSS v3.1 base score is 2.4 (LOW) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N. The vulnerability has been categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

When successfully exploited, this vulnerability allows malicious actors to execute cross-site scripting attacks through the article name field. The primary impact is the potential for session hijacking attacks through cookie theft, which could lead to unauthorized access to user accounts (Medium Article).

The vendor was contacted through email and GitHub regarding the vulnerability but did not provide an immediate response. As of the disclosure date, no official patches or workarounds have been published (Medium Article).