11 matches found
CVE-2023-4189
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4187
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4188
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4381
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4649
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4651
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4655
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4653
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4650
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4652
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4654
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.