Filtered by vendor Instantcms
Subscriptions
Total
17 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2024-08-05 | N/A |
InstantCMS 2.10.1 has /redirect?url= XSS. | ||||
CVE-2023-4928 | 1 Instantcms | 1 Icms2 | 2024-08-02 | 7.2 High |
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. | ||||
CVE-2023-4878 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 5.4 Medium |
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4879 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git. | ||||
CVE-2023-4704 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 4.9 Medium |
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4652 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4655 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. | ||||
CVE-2023-4653 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4651 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 5.4 Medium |
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. | ||||
CVE-2023-4650 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 4.7 Medium |
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4654 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 3.5 Low |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1. | ||||
CVE-2023-4649 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 5.4 Medium |
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. | ||||
CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 4.3 Medium |
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4189 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4188 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 9.1 Critical |
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4187 | 1 Instantcms | 1 Instantcms | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2024-31212 | 1 Instantcms | 1 Icms2 | 2024-08-02 | 6.7 Medium |
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available. |
Page 1 of 1.