CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42188
https://notcve.org/view.php?id=CVE-2023-42188
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). IceCMS v2.0.1 es vulnerable a Cross Site Request Forgery (CSRF). • https://github.com/Thecosy/IceCMS/issues/17 https://topdayplus.github.io/2023/10/27/CVE-deatail • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36100
https://notcve.org/view.php?id=CVE-2023-36100
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. Se descubrió un problema en IceCMS versión 2.0.1, permite a los atacantes escalar privilegios y obtener información sensible a través del parámetro userId en api/User/ChangeUser. • https://github.com/Thecosy/IceCMS/issues/15 • CWE-269: Improper Privilege Management •