114 matches found
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...
Cross site scripting
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
Session fixation
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4655 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4655
CVE-2023-4655 affects instantsoft/icms2 prior to 2.16.1, described as a reflected Cross-site Scripting (XSS) in the web UI. The vulnerability arises from input that is echoed in responses, enabling script execution in a user’s browser. No explicit exploitation status is provided in the initial/co...
CVE-2023-4655 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4652 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4653 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4649 Session Fixation in instantsoft/icms2
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4651 Server-Side Request Forgery (SSRF) in instantsoft/icms2
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4651 Server-Side Request Forgery (SSRF) in instantsoft/icms2
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4650 Improper Access Control in instantsoft/icms2
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4649 Session Fixation in instantsoft/icms2
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4651 Server-Side Request Forgery (SSRF) in instantsoft/icms2
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4652 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4652
CVE-2023-4652 is a stored Cross-site Scripting (XSS) vulnerability affecting instantsoft/icms2 releases prior to 2.16.1-git. Multiple sources confirm the issue is a stored XSS in icms2, with exploitation via attacker-supplied input that can induce script execution in an affected user’s browser. P...
CVE-2023-4653
CVE-2023-4653 is a stored XSS vulnerability in instantsoft/icms2 prior to 2.16.1-git. The Red Hat and CVE records corroborate stored XSS in icms2, affecting versions before 2.16.1-git. The issue stems from input handling in the affected module (admin/comments path in the Huntr PoC reference), ena...
CVE-2023-4651
CVE-2023-4651 describes a Server-Side Request Forgery (SSRF) in instantsoft/icms2 prior to 2.16.1. Affected component: icms2 server handling image/url fetches. Root cause: SSRF in how URLs are processed, allowing the server to make unintended requests. Impact: as described by the sources, potenti...
CVE-2023-4650
CVE-2023-4650 affects instantsoft/icms2 prior to 2.16.1-git and is described as improper access control in the admin account management functionality. Connected sources confirm an admin account takeover/vector exists: a PoC demonstrates an authenticated admin can change other admins’ passwords, e...