Skip to main content

Dradis

4 CVEs product

Monthly

CVE-2023-50786 MEDIUM This Month

A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Dradis Windows
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2023-31223 MEDIUM This Month

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dradis
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30028 MEDIUM This Month

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Dradis
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2019-5925 MEDIUM This Month

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dradis
NVD
CVSS 3.0
5.4
EPSS
0.8%
EPSS 0% CVSS 4.1
MEDIUM This Month

A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Dradis +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dradis
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Dradis
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dradis
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy