Vulnerabilities > Dradisframework > Dradis > 3.4.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-25 | CVE-2023-31223 | Cross-site Scripting vulnerability in Dradisframework Dradis. Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | 5.4 |
2022-06-24 | CVE-2022-30028 | Race Condition vulnerability in Dradisframework Dradis. Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | 5.9 |
2020-03-16 | CVE-2019-19946 | Authorization Bypass Through User-Controlled Key vulnerability in Dradisframework Dradis 3.4.1. The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | 6.5 |