VDB-224634 · CVE-2023-1746 · Issue 11

Dreamer CMS up to 3.5.0 File Upload cross site scripting

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was shared 03/30/2023 as 11. The advisory is available at github.com. This vulnerability is traded as CVE-2023-1746. It is possible to launch the attack remotely. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	03/30/2023 21:36	04/20/2023 16:25	04/20/2023 16:32
name	Dreamer CMS	Dreamer CMS	Dreamer CMS
version	<=3.5.0	<=3.5.0	<=3.5.0
component	File Upload Handler	File Upload Handler	File Upload Handler
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rc	R	R	R
url	https://github.com/iteachyou-wjn/dreamer_cms/issues/11	https://github.com/iteachyou-wjn/dreamer_cms/issues/11	https://github.com/iteachyou-wjn/dreamer_cms/issues/11
cve	CVE-2023-1746	CVE-2023-1746	CVE-2023-1746
responsible	VulDB	VulDB	VulDB
date	1680127200 (03/30/2023)	1680127200 (03/30/2023)	1680127200 (03/30/2023)
type	Content Management System	Content Management System	Content Management System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.8	3.8	3.8
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.1
cvss3_meta_tempscore	3.4	3.4	4.1
price_0day	$0-$5k	$0-$5k	$0-$5k
identifier		11	11
cve_assigned		1680127200 (03/30/2023)	1680127200 (03/30/2023)
cve_nvd_summary		A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.	A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.
cvss3_cna_basescore			3.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			4.0
cvss3_nvd_basescore			5.4

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!