62 matches found
CVE-2023-50017
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup...
CVE-2023-50017
Dreamer CMS v4.1.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /admin/database/backup component. The root cause is insufficient verification of whether a request comes from a trusted user, enabling an attacker to forge a malicious request that triggers a sensitive operation ...
Dreamer CMS cross-site request forgery vulnerability
Dreamer CMS is a dreamer content management system. A cross-site request forgery vulnerability exists in Dreamer CMS v4.1.3, which stems from the component /admin/database/backup not adequately verifying whether a request comes from a trusted user, and can be exploited by an attacker to forge a...
CVE-2023-49484
Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department...
CVE-2023-49484
Dreamer CMS v4.1.3 contains a Cross-Site Scripting (XSS) vulnerability in the article management department. Root cause: lack of effective filtering/escaping of user-supplied data. Impact as per sources: potential execution of arbitrary scripts in or on user browsers. CVSS v3.1 base score 5.4 (Me...
CVE-2023-48912
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit...
CVE-2023-48914
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add...
CVE-2023-48912
Dreamer CMS v4.1.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /admin/archives/edit component. The CVE entry ties the issue to Dreamer CMS and specifies CSRF as the flaw, but the provided documents do not include a confirmed remediation (patch/version) or exploitation detail...
CVE-2023-48914
Affected software: Dreamer CMS v4.1.3. Vulnerability: Cross-Site Request Forgery (CSRF) in the /admin/archives/add component. The root cause is insufficient validation of whether a request originates from a trusted user, enabling an attacker to forge a malicious request that tricks a victim into ...
CVE-2023-48913
Dreamer CMS v4.1.3 is vulnerable to Cross-Site Request Forgery via the /admin/archives/delete component. Root cause: insufficient verification of request origin for a sensitive operation. Impact includes high confidentiality, integrity, and availability risk (CVSSv3.1: 8.8, UI: REQUIRED, ATT&CK n...
CVE-2023-48020
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus...
CVE-2023-48021
Technical details such as affected versions, exploit conditions, and remediation are not provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2023-48021
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update...
CVE-2023-48060
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add...
CVE-2023-48058
Dreamer CMS and related records: CVE-2023-48058 is a CSRF affecting Dreamer CMS v4.1.3, involving the /admin/task/run component. The vulnerability allows unauthorized actions to be performed by an authenticated user (high impact: confidentiality, integrity, and availability all rated High). Publi...