Abstract Advisory Information
The application is prone to a stored XSS (Cross-Site Scripting) attack.
Author: Elliot RASCH
Name: Dradis Pro
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 02/03/2022: Vulnerability discovery
- 13/03/2022: Vulnerability Report to CERT-XLM
- 17/03/2022: Vulnerability Report to Vendor through Investigation
- 17/03/2022: Vulnerability PoC sent to vendor
- 17/03/2022: Vulnerability acknowledged by vendor, who forwarded the PoC to the correct team.
- 14/04/2022: Update requested from the vendor
- 25/04/2023: Vendor contacted again for an update
- 25/04/2023: Acknowledgement from vendor. Vulnerability fixed in v4.8
- 25/04/2023: CVE ID requested from MITRE
- 26/04/2023: CVE-2023-31223 assigned.
- 09/05/2023: Expected Vulnerability disclosure