Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| Link | Resource |
|---|---|
| http://jvn.jp/en/jp/JVN40288903/index.html | Third Party Advisory |
| https://dradisframework.com/ce/security_reports.html#fixed-3.11.1 | Vendor Advisory |
| http://jvn.jp/en/jp/JVN40288903/index.html | Third Party Advisory |
| https://dradisframework.com/ce/security_reports.html#fixed-3.11.1 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://jvn.jp/en/jp/JVN40288903/index.html - Third Party Advisory | |
| References | () https://dradisframework.com/ce/security_reports.html#fixed-3.11.1 - Vendor Advisory |
Information
Published : 2019-03-12 22:29
Updated : 2024-11-21 04:45
NVD link : CVE-2019-5925
Mitre link : CVE-2019-5925
CVE.ORG link : CVE-2019-5925
JSON object : View
Products Affected
dradisframework
- dradis
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')