
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20the%20variable%20management%20modification%20function.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20variable%20management%20with%20added%20functionality.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20in%20the%20user%20added%20function.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20the%20variable%20management%20deletion%20function.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2023 — Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. • http://cms.iteachyou.cc • CWE-552: Files or Directories Accessible to External Parties

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Sep 2023 — Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. • https://gitee.com/iteachyou/dreamer_cms/issues/I834WV • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Sep 2023 — A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. • https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability • CWE-552: Files or Directories Accessible to External Parties

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 May 2023 — A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. • https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7 • CWE-407: Inefficient Algorithmic Complexity

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Mar 2023 — A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability. • https://github.com/iteachyou-wjn/dreamer_cms/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Mar 2023 — Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. • https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN • CWE-732: Incorrect Permission Assignment for Critical Resource