2 matches found
CVE-2023-36100
CVE-2023-36100 affects IceCMS 2.0.1. The issue is a privilege escalation and information disclosure via the UserID parameter in the endpoint api/User/ChangeUser. Root cause details are not fully disclosed in the provided documents, but multiple sources confirm the vulnerability in this specific v...
CVE-2023-42188
IceCMS v2.0.1 is vulnerable to Cross-Site Request Forgery (CSRF). The issue originates from insufficient validation of request origin, enabling a malicious actor to forge requests that trigger sensitive operations. Public descriptions confirm CSRF vulnerability for IceCMS 2.0.1. Some sources sugg...