Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-31223

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

Published

2023-04-25T23:15:09.090

Last Modified

2025-05-30T16:15:34.623

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.7 (HIGH)

Weaknesses

Type: Primary
CWE-79
Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dradisframework	dradis	< 4.8.0	Yes

References

https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-31223 ([email protected])
https://dradisframework.com/ce/security_reports.html#fixed-4.8.0 Release Notes ([email protected])
https://excellium-services.com/cert-xlm-advisory/cve-2023-31223/ ([email protected])
https://dradisframework.com/ce/security_reports.html#fixed-4.8.0 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://excellium-services.com/cert-xlm-advisory/cve-2023-31223/ (af854a3a-2127-422b-91ae-364da2661108)