Known Vulnerabilities
CVE-2023-4928
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4879
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4878
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4704
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4654
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4655
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4650
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4649
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4651
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4653
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4652
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4381
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4189
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4188
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4187
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.