Instantcms Security Vulnerabilities and Issues — Instantcms CVE List

Lucene search

InstantcmsInstantcms

18 matches found

cve•added 2023/08/05 8:15 p.m.•53 views

CVE-2023-4189

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

4.8CVSS4.9AI score0.0006EPSS

cve•added 2023/09/10 6:15 p.m.•49 views

CVE-2023-4879

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.

4.8CVSS4.1AI score0.00041EPSS

cve•added 2024/04/04 11:15 p.m.•48 views

CVE-2024-31212

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receive...

7.2CVSS6.8AI score0.00272EPSS

cve•added 2023/08/05 6:15 p.m.•45 views

CVE-2023-4187

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

4.8CVSS4.1AI score0.0006EPSS

cve•added 2024/10/29 11:15 p.m.•43 views

CVE-2024-50348

InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3.

5.4CVSS5.2AI score0.00151EPSS

cve•added 2023/09/10 6:15 p.m.•42 views

CVE-2023-4878

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

5.4CVSS4.8AI score0.00055EPSS

cve•added 2024/04/05 3:15 p.m.•42 views

CVE-2024-31213

InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on t...

5.4CVSS4AI score0.00225EPSS

cve•added 2023/08/05 8:15 p.m.•39 views

CVE-2023-4188

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

9.8CVSS9.8AI score0.00062EPSS

cve•added 2018/07/18 3:29 p.m.•38 views

CVE-2018-14382

InstantCMS 2.10.1 has /redirect?url= XSS.

6.1CVSS6.3AI score0.00328EPSS

cve•added 2023/08/16 12:15 p.m.•34 views

CVE-2023-4381

Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

4.3CVSS4.6AI score0.00057EPSS

cve•added 2023/08/31 1:15 a.m.•34 views

CVE-2023-4649

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.

5.4CVSS4.8AI score0.00059EPSS

cve•added 2023/08/31 1:15 a.m.•28 views

CVE-2023-4651

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

6.4CVSS5.6AI score0.00044EPSS

cve•added 2023/08/31 1:15 a.m.•27 views

CVE-2023-4655

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.

6.1CVSS4.8AI score0.00068EPSS

cve•added 2023/08/31 1:15 a.m.•25 views

CVE-2023-4653

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

5.9CVSS5.1AI score0.00072EPSS

cve•added 2023/08/31 1:15 a.m.•24 views

CVE-2023-4650

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

4.7CVSS4.7AI score0.00035EPSS

cve•added 2023/08/31 1:15 a.m.•24 views

CVE-2023-4652

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

6.8CVSS5.6AI score0.00062EPSS

cve•added 2023/08/31 1:15 a.m.•24 views

CVE-2023-4654

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

3.5CVSS3.8AI score0.00035EPSS

cve•added 2023/09/01 10:15 a.m.•24 views

CVE-2023-4704

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

8.8CVSS6.1AI score0.00077EPSS