CVE-2023-1746

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
3.5 LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
iteachyoudreamer_cms
𝑥
≤ 3.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/iteachyou-wjn/dreamer_cms/issues/11
https://vuldb.com/?ctiid.224634
https://vuldb.com/?id.224634
https://github.com/iteachyou-wjn/dreamer_cms/issues/11
https://vuldb.com/?ctiid.224634
https://vuldb.com/?id.224634