Abstract Advisory Information
The application is prone to a stored XSS (Cross-Site Scripting) attack.
Author: Elliot RASCH
Version affected
Name: Dradis Pro
Versions: V4.7.0
Common Vulnerability Scoring System
8.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Patch
V4.8
References
Vulnerability Disclosure Timeline
- 02/03/2022: Vulnerability discovery
- 13/03/2022: Vulnerability reported to CERT-XLM
- 17/03/2022: Vulnerability reported to vendor through Investigation
- 17/03/2022: Vulnerability PoC sent to vendor
- 17/03/2022: Vulnerability acknowledged by vendor; PoC forwarded to the correct team
- 14/04/2022: Update requested from the vendor
- 25/04/2023: Vendor contacted again for an update
- 25/04/2023: Acknowledgement from vendor; vulnerability fixed in v4.8
- 25/04/2023: CVE ID requested from MITRE
- 26/04/2023: CVE-2023-31223 assigned for use
- 09/05/2023: Expected vulnerability disclosure