Lucene search
China National Vulnerability DatabaseCNVD-2023-79682HistoryOct 07, 2023 - 12:00 a.m.
Dreamer CMS Cross-Site Scripting Vulnerability (CNVD-2023-79682)
2023-10-0700:00:00
China National Vulnerability Database
www.cnvd.org.cn
2
dreamer cms
version 4.1.3
cross-site scripting
vulnerability
filtering
escaping
user-supplied data
admin
payload
cnvd-2023-79682
Dreamer CMS is a dreamer content management system. Dreamer CMS version v4.1.3 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the component /admin/u/toIndex, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dreamer cms dreamer cms v | eq | 4.1.3 |
Related
cve
cve
CVE-2023-43857
2023-09-27 15:19:34
nvd
nvd
CVE-2023-43857
2023-09-27 15:19:34
osv
osv
CVE-2023-43857
2023-09-27 15:19:34
prion
prion
Cross site scripting
2023-09-27 15:19:00
cvelist
cvelist
CVE-2023-43857
2023-09-26 00:00:00