114 matches found
CVE-2023-4650 Improper Access Control in instantsoft/icms2
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4649 Session Fixation in instantsoft/icms2
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4652 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4652
CVE-2023-4652 is a stored Cross-site Scripting (XSS) vulnerability affecting instantsoft/icms2 releases prior to 2.16.1-git. Multiple sources confirm the issue is a stored XSS in icms2, with exploitation via attacker-supplied input that can induce script execution in an affected user’s browser. P...
iCMS2 跨站脚本漏洞
iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A cross-site scripting vulnerability exists in iCMS2 versions prior to 2.16.1-git, which is rooted in vulnerability to stored cross-site scripting XSS attacks...
PT-2023-30049 · Instantsoft · Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue concerns a session fixation problem. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents...
PT-2023-30070 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is identified in the GitHub repository instantsoft/icms2. Recommendations: For...
PT-2023-30080 · Icms2 · Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue is related to Cross-site Scripting XSS - Reflected. This is a type of attack where an attacker injects malicious code into a website, and the website reflects the code back to...
PT-2023-30060 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git Description: The issue concerns improper access control. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incident...
PT-2023-30069 · Instantsoft · Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git Description: The issue is related to Cross-site Scripting XSS - Stored. This means that an attacker can inject malicious scripts into a website, which are then stored on the server and executed b...
PT-2023-30065 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue is related to Server-Side Request Forgery SSRF in the GitHub repository instantsoft/icms2. This allows an attacker to trick the server into making unintended requests...
Default credentials
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4381
CVE-2023-4381 affects the instantsoft/icms2 CMS prior to version 2.16.1-git. The root cause is an unverified password change, enabling an attacker to change a user’s password without proper verification. Impact is described as minimal in the CVSS data, but the issue enables unauthorized password ...
CVE-2023-4381 Unverified Password Change in instantsoft/icms2
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4381 Unverified Password Change in instantsoft/icms2
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
PT-2023-28998 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git. Description: The issue concerns an unverified password change in the GitHub repository instantsoft/icms2. Recommendations: For versions prior to 2.16.1-git, update to version 2.16.1-git or later...
CVE-2023-4189
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
Sql injection
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4189 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4189 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...