Lucene search
+L
DradisframeworkDradis

6 matches found

CVE
CVE
added 2022/06/24 4:27 p.m.77 views

CVE-2022-30028

Dradis Professional Edition (affected: prior to 4.3.0) is vulnerable to password change via reusing a password reset token in the password reset flow. Root cause: token reuse during reset enables an attacker to set a new password for an account. Impact: unauthorized password change as described i...

5.9CVSS5.8AI score0.00498EPSS
CVE
CVE
added 2023/04/25 12:0 a.m.53 views

CVE-2023-31223

Dradis pre-4.8.0 is affected by a persistent XSS vulnerability exploitable by authenticated author users through avatars. Root cause relates to avatar handling; impact involves potential corruption of the browser context (XSS) with access to data in that session. Resolution per multiple sources: ...

8.7CVSS5.1AI score0.00509EPSS
CVE
CVE
added 2020/03/16 5:31 p.m.45 views

CVE-2019-19946

The vulnerability CVE-2019-19946 affects Dradis Pro 3.4.1, where the API allows any user to extract the contents of a project even if not a member of the project team. This is an information leakage issue via the API surface; the available connected sources confirm the product/version and the una...

6.5CVSS6.4AI score0.01187EPSS
CVE
CVE
added 2019/03/12 9:0 p.m.38 views

CVE-2019-5925

CVE-2019-5925 describes a cross-site scripting vulnerability in Dradis Community Edition (v3.11 and earlier) and Dradis Professional Edition (v3.1.1 and earlier) . The issue allows a remote authenticated attacker to inject arbitrary web script or HTML via unspecified vectors, potentially affectin...

5.4CVSS5AI score0.0082EPSS
CVE
CVE
added 2025/07/10 12:0 a.m.38 views

CVE-2023-50458

Summary: CVE-2023-50458 affects Dradis before 4.11.0. The Output Console can expose a job queue that may contain information about other users’ jobs, representing a potential information disclosure. "What is affected": Dradis core software, prior to version 4.11.0. "Root cause / vulnerability typ...

4.3CVSS6.3AI score0.00186EPSS
CVE
CVE
added 2025/07/05 12:0 a.m.32 views

CVE-2023-50786

CVE-2023-50786 affects Dradis 4.16.0 and earlier, where references to external HTTPS images are allowed instead of forcing embedded images. This can enable an authorized author to attempt theft of Net-NTLM hashes from other authors on a Windows domain network. Remediation: upgrade to a version th...

4.3CVSS6.5AI score0.00227EPSS