CVE-2023-1746: Dreamer CMS File Upload cross site scripting
First published: Thu Mar 30 2023(Updated: )
A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dreamer Cms Project Dreamer Cms | <=3.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1746?
The severity of CVE-2023-1746 is medium.
What is the affected software for CVE-2023-1746?
The affected software for CVE-2023-1746 is Dreamer CMS up to version 3.5.0.
What is the CWE ID for CVE-2023-1746?
The CWE ID for CVE-2023-1746 is 79.
How can the vulnerability in CVE-2023-1746 be exploited?
The vulnerability in CVE-2023-1746 can be exploited through remote attack.
Is there a fix available for CVE-2023-1746?
Yes, upgrading to a version higher than 3.5.0 of Dreamer CMS will fix the vulnerability in CVE-2023-1746.
- collector/nvd-index
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/dreamer cms project
- canonical/dreamer cms project dreamer cms
- version/dreamer cms project dreamer cms/3.5.0