Dradisframework Dradis

6 CVEs affecting Dradisframework Dradis. Latest disclosed: 2025-07-10. Critical: 0, High: 1.

Top CVEs affecting Dradisframework Dradis
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-31223 | High | 8.7 | 2023-04-25 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. |
| CVE-2019-19946 | Medium | 6.5 | 2020-03-16 | The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. |
| CVE-2022-30028 | Medium | 5.9 | 2022-06-24 | Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. |
| CVE-2019-5925 | Medium | 5.4 | 2019-03-12 | Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier al… |
| CVE-2023-50786 | Medium | 4.1 | 2025-07-05 | Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leverage… |
| CVE-2023-50458 | Low | 3.5 | 2025-07-10 | In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs. |