CVE-2023-31223

by mrahier96

Abstract Advisory Information

The application is prone to a stored XSS (Cross-Site Scripting) attack.

Author: Elliot RASCH

Version affected

Name: Dradis Pro

Versions: V4.7.0

Common Vulnerability Scoring System

8.7

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Patch

V4.8

References

Vulnerability Disclosure Timeline

    • 02/03/2022: Vulnerability discovery
    • 13/03/2022: Vulnerability Report to CERT-XLM
    • 17/03/2022: Vulnerability Report to Vendor through Investigation
    • 17/03/2022: Vulnerability PoC sent to vendor
    • 17/03/2022: Vulnerability acknowledged by vendor, who forwarded the PoC to the correct team
    • 14/04/2022: Update requested from the vendor
    • 25/04/2023: Vendor contacted again for an update
    • 25/04/2023: Acknowledgement from vendor. Vulnerability fixed in v4.8
    • 25/04/2023: CVE ID requested from MITRE
    • 26/04/2023: CVE-2023-31223 assigned
    • 09/05/2023: Expected Vulnerability disclosure