CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42188
https://notcve.org/view.php?id=CVE-2023-42188
26 Oct 2023 — IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). IceCMS v2.0.1 es vulnerable a Cross Site Request Forgery (CSRF). • https://github.com/Thecosy/IceCMS/issues/17 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36100
https://notcve.org/view.php?id=CVE-2023-36100
01 Sep 2023 — An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. Se descubrió un problema en IceCMS versión 2.0.1, permite a los atacantes escalar privilegios y obtener información sensible a través del parámetro userId en api/User/ChangeUser. • https://github.com/Thecosy/IceCMS/issues/15 • CWE-269: Improper Privilege Management •