Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dreamer_cms
(Dreamer_cms_project)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 22 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-10-17 | CVE-2023-45902 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. | Dreamer_cms | 8.8 | ||
2023-10-17 | CVE-2023-45903 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. | Dreamer_cms | 8.8 | ||
2023-10-17 | CVE-2023-45904 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. | Dreamer_cms | 8.8 | ||
2023-10-17 | CVE-2023-45905 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. | Dreamer_cms | 8.8 | ||
2023-10-17 | CVE-2023-45906 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. | Dreamer_cms | 8.8 | ||
2023-10-17 | CVE-2023-45907 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. | Dreamer_cms | 8.8 | ||
2023-09-27 | CVE-2023-43857 | Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | Dreamer_cms | 5.4 | ||
2023-09-27 | CVE-2023-43856 | Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | Dreamer_cms | 7.5 | ||
2022-11-17 | CVE-2022-42245 | Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | Dreamer_cms | 9.8 | ||
2023-03-16 | CVE-2023-27084 | Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | Dreamer_cms | 5.3 |