Vulnerabilities > Icmsdev > Icms > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-12 CVE-2019-14976 Cross-site Scripting vulnerability in Icmsdev Icms 7.0.15
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
network
icmsdev CWE-79
4.3
2018-09-01 CVE-2018-16314 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11.
network
icmsdev CWE-352
6.8
2018-08-27 CVE-2018-15895 Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record.
network
low complexity
icmsdev CWE-918
5.0
2018-08-02 CVE-2018-14858 Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8.
network
low complexity
icmsdev CWE-918
5.0
2018-07-20 CVE-2018-14415 Cross-site Scripting vulnerability in Icmsdev Icms
An issue was discovered in idreamsoft iCMS before 7.0.10.
network
icmsdev CWE-79
4.3
2018-04-19 CVE-2018-10222 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0
An issue was discovered in idreamsoft iCMS V7.0.
network
icmsdev CWE-352
6.8
2018-04-16 CVE-2018-10117 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.7
An issue was discovered in idreamsoft iCMS V7.0.7.
network
icmsdev CWE-352
6.8
2018-04-10 CVE-2018-9923 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms
An issue was discovered in idreamsoft iCMS through 7.0.7.
network
icmsdev CWE-352
6.8
2018-04-10 CVE-2018-9922 Information Exposure vulnerability in Icmsdev Icms
An issue was discovered in idreamsoft iCMS through 7.0.7.
network
low complexity
icmsdev CWE-200
5.0