Dradis
Monthly
A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.