CVE-2023-50458
- EPSS 0.03%
- Published 10.07.2025 00:00:00
- Last modified 07.11.2025 01:03:52
In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.
CVE-2023-50786
- EPSS 0.04%
- Published 05.07.2025 00:00:00
- Last modified 07.11.2025 01:11:54
Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Win...
CVE-2023-31223
- EPSS 0.16%
- Published 25.04.2023 23:15:09
- Last modified 30.05.2025 16:15:34
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.
CVE-2022-30028
- EPSS 0.19%
- Published 24.06.2022 17:15:08
- Last modified 21.11.2024 07:02:06
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token.
CVE-2019-19946
- EPSS 0.28%
- Published 16.03.2020 18:15:12
- Last modified 21.11.2024 04:35:43
The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.
CVE-2019-5925
- EPSS 0.24%
- Published 12.03.2019 22:29:01
- Last modified 21.11.2024 04:45:45
Cross-site scripting vulnerability in Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified v...