86 matches found
CVE-2023-4879
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...
CVE-2023-4654
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4189
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4649
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4650
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4878
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4928
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4704
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
EUVD-2023-54067
Malicious code in bioql PyPI...
EUVD-2023-54506
Malicious code in bioql PyPI...
EUVD-2023-54764
Malicious code in bioql PyPI...
EUVD-2023-54068
Malicious code in bioql PyPI...
EUVD-2023-54717
Malicious code in bioql PyPI...
EUVD-2023-54502
Malicious code in bioql PyPI...
EUVD-2023-54066
Malicious code in bioql PyPI...
EUVD-2023-54245
Malicious code in bioql PyPI...
CVE-2023-4187
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4655
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1...
Store XSS in Widgets and pages in instantsoft/icms2
Description: I noticed that you filtered the filter very carefully. But there are still some parts you missed. Proof of Concept: 1. Login with admin 2. Go to "http://localhost/o2/admin/menu/itemedit/18" 3. Insert payload in CSS class 4. Click save, and go to home page, and Detect store xss in...