Dreamer CMS
by iteachyou
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-43382 | Hig | 0.57 | 8.8 | 0.01 | Sep 25, 2023 | Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. | ||
| CVE-2023-29774 | Med | 0.35 | 5.4 | 0.00 | Apr 18, 2023 | Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). | ||
| CVE-2025-3977 | Med | 0.28 | 4.3 | 0.00 | Apr 27, 2025 | A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads… | ||
| CVE-2025-1543 | Med | 0.28 | 4.3 | 0.01 | Feb 21, 2025 | A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit… | ||
| CVE-2025-1548 | Low | 0.23 | 3.5 | 0.00 | Feb 21, 2025 | A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be… | ||
| CVE-2025-10320 | Low | 0.20 | 3.1 | 0.00 | Sep 12, 2025 | A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of… |
- risk 0.57cvss 8.8epss 0.01
Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.
- risk 0.35cvss 5.4epss 0.00
Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads…
- risk 0.28cvss 4.3epss 0.01
A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be…
- risk 0.20cvss 3.1epss 0.00
A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of…