114 matches found
EUVD-2023-54552
Malicious code in bioql PyPI...
EUVD-2023-54501
Malicious code in bioql PyPI...
CVE-2023-4187
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4655
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4652
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2024-31213
CVE-2024-31213 describes an open redirect in InstantCMS ICMS2 (version 2.16.2) occurring after a user modifies their profile. An attacker could lure a victim to visit a malicious site that imitates the ICMS2 flow and prompts for the user’s password, which could be sent to the attacker. The CVE no...
CVE-2024-31213 InstantCMS Open Redirect vulnerability
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...
CVE-2024-31213 InstantCMS Open Redirect vulnerability
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...
Store XSS in Widgets and pages in instantsoft/icms2
Description I noticed that you filtered the filter very carefully. But there are still some parts you missed Proof of Concept 1 . Login with admin 2 . Go to "http://localhost/o2/admin/menu/itemedit/18" 3 . Insert payload in CSS class 4 . Click save , and go to home page, and Detect store xss in...
CVE-2023-4928
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1...
Sql injection
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4928 SQL Injection in instantsoft/icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4928 SQL Injection in instantsoft/icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4928
The CVE-2023-4928 entry describes an SQL injection in instantsoft/icms2 before version 2.16.1. The vulnerability affects the content management system’s query handling, with a CVSS v3.1 base score of 7.2 (HIGH); attack vector NETWORK, complexity LOW, privileges required HIGH, user interaction NON...
CVE-2023-4928 SQL Injection in instantsoft/icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4879
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...
CVE-2023-4878
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4879 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...