CVE-2023-1746 LOW

CVE-2023-1746: Dreamer CMS File Upload cross site scripting

Vendor N/A
Product Dreamer CMS
Weakness CWE-79 · XSS
Published March 30, 2023
Last update November 22, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

March 30, 2023 CVE published
November 22, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-41861 WordPress Restrict Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm CVE-2023-31233 WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) CVE-2025-14000 Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes CVE-2024-7793 SourceCodester Task Progress Tracker add-task.php cross site scripting