92 matches found
Exploit for CVE-2024-41312
CVE-2024-41312. InstantCMS - Stored Cross Site Scripting XSS...
PT-2024-29357 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS affected versions not specified
Description: The issue is related to Stored Cross Site Scripting XSS.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2024-31213
CVE-2024-31213 describes an open redirect in InstantCMS ICMS2 (version 2.16.2) occurring after a user modifies their profile. An attacker could lure a victim to visit a malicious site that imitates the ICMS2 flow and prompts for the user’s password, which could be sent to the attacker. The CVE no...
CVE-2024-31213 InstantCMS Open Redirect vulnerability
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...
PT-2024-23856 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS version 2.16.2
Description: An open redirect was found in the ICMS2 application when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are...
CVE-2024-31212
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receive...
CVE-2024-31212
CVE-2024-31212 affects InstantCMS v2.16.2 in the index_chart_data action. The vulnerability arises from unsanitized user input passed to the core model’s filterFunc, which is embedded into an SQL statement, allowing an attacker with administrative privileges to inject SQL code. The vulnerable inp...
CVE-2024-31212 SQL injection in index_chart_data action
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receive...
InstantCMS Security Vulnerability
InstantCMS is a free, open source CMS from instantSoft. A security vulnerability exists in InstantCMS version v2.16.2, which stems from a SQL injection vulnerability in index_chart_data...
InstantCMS 2.16.1 Cross Site Scripting
Exploit Title: InstantCMS - Store XSS
Application: InstantCMS
Version: v2.16.1
Bugs: Stored XSS
Technology: PHP
Vendor Homepage: https://instantcms.ru/
Software Link: https://instantcms.ru/get
Date: 14.09.2023
Author: SoSPiro
Tested on: Windows
Description
I noticed that you filtered the filter...
CVE-2018-14382
InstantCMS 2.10.1 has /redirect?url= XSS...
Cross site scripting
InstantCMS 2.10.1 has /redirect?url= XSS...
CVE-2018-14382
CVE-2018-14382 affects InstantCMS 2.10.1 with a reflected XSS via the path /redirect?url= . The CVE record notes an injection in this redirect parameter; CVSS v2 base score 4.3 (MEDIUM) and CVSS v3 base score 6.1 (MEDIUM). Exploitation details are not described beyond the vulnerability type in th...
instantcms.ru Open Redirect vulnerability
Vulnerable URL: http://www.instantcms.ru/go/url=http://xssposed.org/

Details:

Description | Value
---|---
Patched: | Yes, at 26.07.2017
Latest check for patch: | 26.07.2017 11:53 GMT
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclosed
Alexa Rank | 35958
Google Pagerank | 4

VIP...