6 matches found
CVE-2023-33736
CVE-2023-33736 is a stored XSS vulnerability in Dcat-Admin v2.1.3-beta, exploitable via a crafted payload injected into a URL parameter. The impact is arbitrary web script/HTML execution as described; no explicit fix/version in the provided documents. Connected sources reference advisories and ex...
CVE-2024-54775
Dcat-Admin versions 2.2.0-beta and 2.2.2-beta are affected by a Cross-Site Scripting (XSS) vulnerability exposed via the /admin/auth/menu and /admin/auth/extensions endpoints. The issue is described across multiple sources as XSS; some entries (Snyk) attribute the vulnerability to improper saniti...
CVE-2024-29644
CVE-2024-29644 concerns a cross-site scripting (XSS) vulnerability in dcat-admin v2.1.3 and earlier. The issue allows a remote attacker to execute arbitrary code by injecting a crafted script into the user login box. Documents consistently describe this as a client-side script injection affecting the l...
CVE-2025-0709
CVE-2025-0709 affects Dcat-Admin 2.2.1-beta, specifically the Roles Page component at /admin/auth/roles. Root cause: cross-site scripting (XSS) via manipulation of input on that page; exploitation can be remote and has been disclosed publicly. Multiple sources (NVD, Red Hat, OSV, CVELIST, vulnbod...
CVE-2024-54774
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in the /admin/articles/create endpoint. The root cause is the lack of effective filtering and escaping of user-supplied data, enabling an attacker to inject and execute arbitrary web script or HTML. Public references in mu...
CVE-2025-65656
Summary: CVE-2025-65656 affects dcat-admin v2.2.3-beta and earlier, with a file inclusion vulnerability in admin/src/Extend/VersionManager.php. Multiple connected sources confirm the issue and describe an unsafe file-upload/inclusion path that can lead to server file access. Affected component:...