CVE-2019-19946 — CVSS 6.5 (medium): The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.
CVE-2022-30028 — CVSS 5.9 (medium): Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token.
CVE-2019-5925 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition…
CVE-2023-50786 — CVSS 4.1 (medium): Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images…
CVE-2023-50458 — CVSS 3.5 (low): In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.