7 matches found
CVE-2018-16332
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability...
Cross site request forgery (csrf)
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability...
CVE-2018-16332
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability...
CVE-2018-13865
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism...
CVE-2018-13865
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism...
Design/Logic Flaw
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism...
CVE-2018-13865
The CVE concerns idreamsoft iCMS 7.0.9. A cross-site scripting (XSS) flaw exists via the callback parameter in the public/api.php uploadpic endpoint, which bypasses the iWAF protection mechanism. This configuration allows arbitrary script execution in contexts relying on the affected API. No expl...