Instantcms Security Vulnerabilities and Issues — Instantcms CVE List

Lucene search

InstantcmsInstantcms

5 matches found

CVE•added 2024/10/29 11:15 p.m.•43 views

CVE-2024-50348

InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3.

5.4CVSS5.2AI score0.00169EPSS

CVE•added 2023/09/10 6:15 p.m.•42 views

CVE-2023-4878

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

5.4CVSS4.8AI score0.00055EPSS

CVE•added 2024/04/05 3:15 p.m.•42 views

CVE-2024-31213

InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on t...

5.4CVSS4AI score0.00225EPSS

CVE•added 2023/08/31 1:15 a.m.•34 views

CVE-2023-4649

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.

5.4CVSS4.8AI score0.00059EPSS

CVE•added 2023/08/31 1:15 a.m.•25 views

CVE-2023-4653

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

5.9CVSS5.1AI score0.00072EPSS