Dradis@* Security Vulnerabilities and Issues — Dradis@* CVE List

Lucene search

DradisframeworkDradis*

5 matches found

CVE•added 2022/06/24 5:15 p.m.•62 views

CVE-2022-30028

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token.

5.9CVSS5.8AI score0.00187EPSS

CVE•added 2023/04/25 11:15 p.m.•40 views

CVE-2023-31223

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

8.7CVSS5.1AI score0.00097EPSS

CVE•added 2019/03/12 10:29 p.m.•26 views

CVE-2019-5925

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.00236EPSS

CVE•added 2025/07/05 4:15 a.m.•9 views

CVE-2023-50786

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

4.1CVSS6.5AI score0.00023EPSS

CVE•added 2025/07/10 4:15 a.m.•7 views

CVE-2023-50458

In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.

3.5CVSS6.3AI score0.00028EPSS