{"api_version":"1","generated_at":"2026-04-25T21:13:56+00:00","cve":"CVE-2023-0513","urls":{"html":"https://cve.report/CVE-2023-0513","api":"https://cve.report/api/cve/CVE-2023-0513.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-0513","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-0513"},"summary":{"title":"CVE-2023-0513","description":"A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-01-26 21:18:00","updated_at":"2023-11-07 04:00:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM","name":"https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM","refsource":"MISC","tags":[],"title":"存在存储型xss及未授权访问漏洞 · Issue #I68UYM · 王俊南/Dreamer CMS（梦想家CMS内容管理系统） - Gitee.com","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitee.com/isoftforce/dreamer_cms/tree/Latest_Stable_Release_4.1.3","name":"https://gitee.com/isoftforce/dreamer_cms/tree/Latest_Stable_Release_4.1.3","refsource":"MISC","tags":[],"title":"Dreamer CMS（梦想家CMS内容管理系统）: Dreamer CMS 梦想家内容发布系统采用流行的SpringBoot搭建，支持静态化、标签化建站。不需要专业的后台开发技能，会HTML就能建站，上手超简单；只需使用系统提供的标签就能轻松建设网站。全面支持各类表单字段，真正实现“0”代码建网站。 - Gitee.com","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.219334","name":"https://vuldb.com/?ctiid.219334","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"403","archivestatus":"404"},{"url":"https://vuldb.com/?id.219334","name":"https://vuldb.com/?id.219334","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-0513","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0513","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"513","vulnerable":"1","versionEndIncluding":"4.0.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dreamer_cms_project","cpe5":"dreamer_cms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-0513","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability."},{"lang":"deu","value":"In isoftforce Dreamer CMS bis 4.0.1 wurde eine problematische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 4.1.3 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross Site Scripting","cweId":"CWE-79"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"isoftforce","product":{"product_data":[{"product_name":"Dreamer CMS","version":{"version_data":[{"version_affected":"=","version_value":"4.0.0"},{"version_affected":"=","version_value":"4.0.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.219334","refsource":"MISC","name":"https://vuldb.com/?id.219334"},{"url":"https://vuldb.com/?ctiid.219334","refsource":"MISC","name":"https://vuldb.com/?ctiid.219334"},{"url":"https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM","refsource":"MISC","name":"https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM"},{"url":"https://gitee.com/isoftforce/dreamer_cms/tree/Latest_Stable_Release_4.1.3","refsource":"MISC","name":"https://gitee.com/isoftforce/dreamer_cms/tree/Latest_Stable_Release_4.1.3"}]},"credits":[{"lang":"en","value":"VulDB Gitee Analyzer"}],"impact":{"cvss":[{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"},{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"},{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}]}},"nvd":{"publishedDate":"2023-01-26 21:18:00","lastModifiedDate":"2023-11-07 04:00:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dreamer_cms_project:dreamer_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}