CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4381 – Unverified Password Change in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4381
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. • https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507 https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3 • CWE-620: Unverified Password Change •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4189 – Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4189
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. • https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f https://huntr.dev/bounties/b00e6986-64e7-464e-ba44-e42476bfcdc4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4188 – SQL Injection in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4188
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Se ha encontrado una vulnerabilidad de inyección SQL en el repositorio GitHub instantsoft/icms2 anterior a la versión 2.16.1-git. • https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f https://huntr.dev/bounties/fe9809b6-40ad-4e81-9197-a9aa42e8a7bf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4187 – Cross-site Scripting (XSS) - Stored in instantsoft/icms2
https://notcve.org/view.php?id=CVE-2023-4187
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. • https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f https://huntr.dev/bounties/14941381-b669-4756-94fc-cce172472f8b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14382
https://notcve.org/view.php?id=CVE-2018-14382
InstantCMS 2.10.1 has /redirect?url= XSS. InstantCMS 2.10.1 tiene Cross-Site Scripting (XSS) en /redirect?url=. • https://github.com/instantsoft/icms2/issues/892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •