
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. • https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507 https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3 • CWE-620: Unverified Password Change

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. • https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f https://huntr.dev/bounties/b00e6986-64e7-464e-ba44-e42476bfcdc4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. • https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f https://huntr.dev/bounties/fe9809b6-40ad-4e81-9197-a9aa42e8a7bf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. • https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f https://huntr.dev/bounties/14941381-b669-4756-94fc-cce172472f8b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 3

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/30398 http://archives.neohapsis.com/archives/bugtraq/2013-12/0049.html http://secunia.com/advisories/56041 http://www.instantcms.ru/novosti/security-update-1-10-3.html http://www.securityfocus.com/bid/63842 https://www.htbridge.com/advisory/HTB23185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')