Vulnerabilities > Instantcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-13 | CVE-2023-4928 | SQL Injection vulnerability in Instantcms Icms2 SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. | 7.2 |
| 2023-09-10 | CVE-2023-4878 | Server-Side Request Forgery (SSRF) vulnerability in Instantcms Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 5.4 |
| 2023-09-10 | CVE-2023-4879 | Cross-site Scripting vulnerability in Instantcms Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git. | 4.8 |
| 2023-09-01 | CVE-2023-4704 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Instantcms External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.9 |
| 2023-08-31 | CVE-2023-4649 | Session Fixation vulnerability in Instantcms Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. | 5.4 |
| 2023-08-31 | CVE-2023-4650 | Improper Access Control vulnerability in Instantcms Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.7 |
| 2023-08-31 | CVE-2023-4651 | Server-Side Request Forgery (SSRF) vulnerability in Instantcms Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. | 5.4 |
| 2023-08-31 | CVE-2023-4652 | Cross-site Scripting vulnerability in Instantcms Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 5.4 |
| 2023-08-31 | CVE-2023-4653 | Cross-site Scripting vulnerability in Instantcms Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.8 |
| 2023-08-31 | CVE-2023-4654 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Instantcms Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1. | 3.5 |