CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0513 – isoftforce Dreamer CMS cross site scripting
https://notcve.org/view.php?id=CVE-2023-0513
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM https://gitee.com/isoftforce/dreamer_cms/tree/Latest_Stable_Release_4.1.3 https://vuldb.com/?ctiid.219334 https://vuldb.com/?id.219334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42245
https://notcve.org/view.php?id=CVE-2022-42245
Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Dreamer CMS 4.0.01 es vulnerable a la inyección SQL. • https://gitee.com/isoftforce/dreamer_cms/issues/I5U408 https://packetstormsecurity.com/files/171585/Dreamer-CMS-4.0.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43084
https://notcve.org/view.php?id=CVE-2021-43084
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. Se presenta una vulnerabilidad de inyección SQL en Dreamer CMS versión 4.0.0, por medio del parámetro tableName • https://gitee.com/isoftforce/dreamer_cms/issues/I4F93V • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •