
CVE-2025-1548 – iteachyou Dreamer CMS edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-1548
21 Feb 2025 — A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be initiated remotely. • https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/RemoteFileInclusion-ArticleEditorImageUpload.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-1543 – iteachyou Dreamer CMS ueditor-1.4.3.3 path traversal
https://notcve.org/view.php?id=CVE-2025-1543
21 Feb 2025 — A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/PathTraversal-UeditorResource.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-7091 – Dreamer CMS uploadFile unrestricted upload
https://notcve.org/view.php?id=CVE-2023-7091
24 Dec 2023 — A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-50017
https://notcve.org/view.php?id=CVE-2023-50017
14 Dec 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup. • https://github.com/849200701/cms/blob/main/CSRF%20exists%20in%20the%20backup%20and%20restore%20location.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-49484
https://notcve.org/view.php?id=CVE-2023-49484
08 Dec 2023 — Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. • https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-48912
https://notcve.org/view.php?id=CVE-2023-48912
30 Nov 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. • https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20article%20management%20modification%20section.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-48913
https://notcve.org/view.php?id=CVE-2023-48913
30 Nov 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. • https://github.com/Tiamat-ron/cms/blob/main/The%20deletion%20function%20of%20the%20Article%20Management%20Office%20exists%20in%20CSRF.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-48914
https://notcve.org/view.php?id=CVE-2023-48914
30 Nov 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. • https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20newly%20added%20section%20of%20article%20management.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-48020
https://notcve.org/view.php?id=CVE-2023-48020
14 Nov 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. • https://github.com/moonsabc123/dreamer_cms/blob/main/Enable%20CSRF%20for%20Task%20Management%20Office.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-48021
https://notcve.org/view.php?id=CVE-2023-48021
14 Nov 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20CSRF%20in%20the%20task%20management%20editing%20task%20area.md • CWE-352: Cross-Site Request Forgery (CSRF)