113 matches found
PT-2023-30060 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git Description: The issue concerns improper access control. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incident...
PT-2023-30069 · Instantsoft · Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git Description: The issue is related to Cross-site Scripting XSS - Stored. This means that an attacker can inject malicious scripts into a website, which are then stored on the server and executed b...
PT-2023-30065 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue is related to Server-Side Request Forgery SSRF in the GitHub repository instantsoft/icms2. This allows an attacker to trick the server into making unintended requests...
PT-2023-30068 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository instantsoft/icms2. Recommendations: For versions prior to 2.16.1-git, update to version...
Default credentials
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4381
CVE-2023-4381 affects the instantsoft/icms2 CMS prior to version 2.16.1-git. The root cause is an unverified password change, enabling an attacker to change a user’s password without proper verification. Impact is described as minimal in the CVSS data, but the issue enables unauthorized password ...
CVE-2023-4381 Unverified Password Change in instantsoft/icms2
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4381 Unverified Password Change in instantsoft/icms2
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
PT-2023-28998 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git. Description: The issue concerns an unverified password change in the GitHub repository instantsoft/icms2. Recommendations: For versions prior to 2.16.1-git, update to version 2.16.1-git or later...
CVE-2023-4189
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4189 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4189 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4189
CVE-2023-4189 is a reflected XSS in instantsoft/icms2 before version 2.16.1-git. The Red Hat, NVD, and other sources confirm that the vulnerability arises from reflecting unsanitized user input in the URL, enabling an attacker to inject script. The Huntr entry provides a concrete PoC path showing...
CVE-2023-4189 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4188 SQL Injection in instantsoft/icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4188
CVE-2023-4188 affects instantsoft/icms2. The Red Hat and NVD records, along with linked advisories, confirm a SQL Injection in instantsoft/icms2 prior to 2.16.1-git. The related Huntr entry describes an unauthenticated blind SQL injection in the /tags/autocomplete endpoint (term parameter) with a...
CVE-2023-4188 SQL Injection in instantsoft/icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4187
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4187 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4187
CVE-2023-4187 affects instantsoft/icms2 prior to 2.16.1-git with stored XSS in content handled by the system. The vulnerability is documented across multiple feeds; a Proof-of-Concept is available (Huntr) showing stored XSS in the admin item title, indicating practical exploitability in a real UI...