Instantcms Security Vulnerabilities

CVE-2018-14382

InstantCMS 2.10.1 has /redirect?url= XSS.

CVE-2023-4187

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4188

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4189

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4381

Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4649

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.

CVE-2023-4650

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4651

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

CVE-2023-4652

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4653

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4654

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

CVE-2023-4655

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.

CVE-2023-4704

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4878

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4879

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.