Vulnerabilities > Icmsdev > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-12 | CVE-2019-14976 | Cross-site Scripting vulnerability in Icmsdev Icms 7.0.15 iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. | 4.3 |
| 2018-09-01 | CVE-2018-16314 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11 An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. | 6.8 |
| 2018-08-27 | CVE-2018-15895 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. | 5.0 |
| 2018-08-02 | CVE-2018-14858 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. | 5.0 |
| 2018-07-20 | CVE-2018-14415 | Cross-site Scripting vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS before 7.0.10. | 4.3 |
| 2018-04-19 | CVE-2018-10222 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0 An issue was discovered in idreamsoft iCMS V7.0. | 6.8 |
| 2018-04-16 | CVE-2018-10117 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.7 An issue was discovered in idreamsoft iCMS V7.0.7. | 6.8 |
| 2018-04-10 | CVE-2018-9923 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS through 7.0.7. | 6.8 |
| 2018-04-10 | CVE-2018-9922 | Information Exposure vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS through 7.0.7. | 5.0 |