CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4650 – Improper Access Control in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4650
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Control de acceso inadecuado en el repositorio de GitHub instantsoft/icms2 anterior a 2.16.1-git. • https://github.com/instantsoft/icms2/commit/78ff8ca066e86a65ff35470b5622be3aa7d2f928 https://huntr.dev/bounties/d92e8985-9d9d-4a62-92e8-ada014ee3b17 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4649 – Session Fixation in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4649
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Fijación de sesión en el repositorio de GitHub instantsoft/icms2 anterior a la versión 2.16.1. • https://github.com/instantsoft/icms2/commit/ca5f150da11d9caae86638885137afe35bcc3592 https://huntr.dev/bounties/069bb1f3-0805-480d-a6e1-b3345cdc60f3 • CWE-384: Session Fixation •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4651 – Server-Side Request Forgery (SSRF) in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4651
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. Server-Side Request Forgery (SSRF) en el repositorio de GitHub instantsoft/icms2 anterior a 2.16.1. • https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0 https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4653 – Cross-site Scripting (XSS) - Stored in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4653
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Cross-Site Scripting (XSS) almacenado en el repositorio de GitHub instantsoft/icms2 antes de 2.16.1.-git. • https://github.com/instantsoft/icms2/commit/7e9d79818bd52dfa7811d5978c72785054c65242 https://huntr.dev/bounties/e0bf7e95-fc8c-4fd4-8575-8b46b9431c6d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4652 – Cross-site Scripting (XSS) - Stored in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4652
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Cross-Site Scripting (XSS) almacenado en el repositorio de GitHub instantsoft/icms2 anterior a la versión 2.16-git. • https://github.com/instantsoft/icms2/commit/7a7e57e77f12f36d0e96be6d5b9066389372dbcd https://huntr.dev/bounties/7869e4af-fad9-48c3-9e4f-c949e54cbb41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •