Dradisframework Dradis
6 CVEs affecting Dradisframework Dradis. Latest disclosed: 2025-07-10. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-31223 | High | 8.7 | 2023-04-25 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. |
| CVE-2019-19946 | Medium | 6.5 | 2020-03-16 | The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. |
| CVE-2022-30028 | Medium | 5.9 | 2022-06-24 | Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. |
| CVE-2019-5925 | Medium | 5.4 | 2019-03-12 | Cross-site scripting vulnerability in Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier al… |
| CVE-2023-50786 | Medium | 4.1 | 2025-07-05 | Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leverage… |
| CVE-2023-50458 | Low | 3.5 | 2025-07-10 | In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs. |