6 matches found
CVE-2022-30028
Dradis Professional Edition (affected: prior to 4.3.0) is vulnerable to password change via reusing a password reset token in the password reset flow. Root cause: token reuse during reset enables an attacker to set a new password for an account. Impact: unauthorized password change as described i...
CVE-2023-31223
Dradis pre-4.8.0 is affected by a persistent XSS vulnerability exploitable by authenticated author users through avatars. Root cause relates to avatar handling; impact involves potential corruption of the browser context (XSS) with access to data in that session. Resolution per multiple sources: ...
CVE-2019-19946
The vulnerability CVE-2019-19946 affects Dradis Pro 3.4.1, where the API allows any user to extract the contents of a project even if not a member of the project team. This is an information leakage issue via the API surface; the available connected sources confirm the product/version and the una...
CVE-2019-5925
CVE-2019-5925 describes a cross-site scripting vulnerability in Dradis Community Edition (v3.11 and earlier) and Dradis Professional Edition (v3.1.1 and earlier) . The issue allows a remote authenticated attacker to inject arbitrary web script or HTML via unspecified vectors, potentially affectin...
CVE-2023-50458
Summary: CVE-2023-50458 affects Dradis before 4.11.0. The Output Console can expose a job queue that may contain information about other users’ jobs, representing a potential information disclosure. "What is affected": Dradis core software, prior to version 4.11.0. "Root cause / vulnerability typ...
CVE-2023-50786
CVE-2023-50786 affects Dradis 4.16.0 and earlier, where references to external HTTPS images are allowed instead of forcing embedded images. This can enable an authorized author to attempt theft of Net-NTLM hashes from other authors on a Windows domain network. Remediation: upgrade to a version th...