Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
DradisframeworkDradis

6 matches found

CVE
CVEadded 2022/06/24 5:15 p.m.62 views

CVE-2022-30028

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token.

5.9CVSS5.8AI score0.00187EPSS
CVE
CVEadded 2023/04/25 11:15 p.m.40 views

CVE-2023-31223

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

8.7CVSS5.1AI score0.00097EPSS
CVE
CVEadded 2020/03/16 6:15 p.m.31 views

CVE-2019-19946

The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.

6.5CVSS6.4AI score0.0028EPSS
CVE
CVEadded 2019/03/12 10:29 p.m.26 views

CVE-2019-5925

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.00236EPSS
CVE
CVEadded 2025/07/05 4:15 a.m.9 views

CVE-2023-50786

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

4.1CVSS6.5AI score0.00023EPSS
CVE
CVEadded 2025/07/10 4:15 a.m.7 views

CVE-2023-50458

In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.

3.5CVSS6.3AI score0.00028EPSS