MidnightBSD

Advisories for dcatadmin

CVE-2023-33736

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.

Products Affected

Vendor Product Version
dcatadmin dcat_admin 2.1.3
CVE-2024-29644

Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.

Products Affected

Vendor Product Version
dcatadmin dcat_admin 2.0.0
dcatadmin dcat_admin 2.0.19
dcatadmin dcat_admin 2.0.5
dcatadmin dcat_admin 2.0.12
dcatadmin dcat_admin 2.0.7
dcatadmin dcat_admin 2.1.0
dcatadmin dcat_admin 2.1.2
dcatadmin dcat_admin 2.0.23
dcatadmin dcat_admin 2.0.13
dcatadmin dcat_admin 2.0.8
dcatadmin dcat_admin 2.1.1
dcatadmin dcat_admin *
dcatadmin dcat_admin 2.0.22
dcatadmin dcat_admin 2.1.3
dcatadmin dcat_admin 2.0.17
dcatadmin dcat_admin 2.0.14
dcatadmin dcat_admin 2.0.1
dcatadmin dcat_admin 2.0.6
dcatadmin dcat_admin 2.0.18
dcatadmin dcat_admin 2.0.20
dcatadmin dcat_admin 2.0.4
dcatadmin dcat_admin 2.0.16
dcatadmin dcat_admin 2.0.2
dcatadmin dcat_admin 2.0.3
dcatadmin dcat_admin 2.0.9
dcatadmin dcat_admin 2.0.24
dcatadmin dcat_admin 2.0.11
dcatadmin dcat_admin 2.0.15
dcatadmin dcat_admin 2.0.21
dcatadmin dcat_admin 2.0.10
CVE-2024-54775

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
dcatadmin dcat_admin 2.2.2
dcatadmin dcat_admin 2.2.0
CVE-2025-0709 LOW

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 2.4 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N 0.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-94,

Products Affected

Vendor Product Version
dcatadmin dcat_admin 2.2.1
CVE-2025-65656

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.

Products Affected

Vendor Product Version
dcatadmin dcat_admin *