Vulnerabilities > Instantcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-10 | CVE-2023-4878 | Server-Side Request Forgery (SSRF) vulnerability in Instantcms Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 5.4 |
| 2023-09-10 | CVE-2023-4879 | Cross-site Scripting vulnerability in Instantcms Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git. | 4.8 |
| 2023-09-01 | CVE-2023-4704 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Instantcms External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.9 |
| 2023-08-31 | CVE-2023-4649 | Session Fixation vulnerability in Instantcms Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. | 5.4 |
| 2023-08-31 | CVE-2023-4650 | Improper Access Control vulnerability in Instantcms Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.7 |
| 2023-08-31 | CVE-2023-4651 | Server-Side Request Forgery (SSRF) vulnerability in Instantcms Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. | 5.4 |
| 2023-08-31 | CVE-2023-4652 | Cross-site Scripting vulnerability in Instantcms Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 5.4 |
| 2023-08-31 | CVE-2023-4653 | Cross-site Scripting vulnerability in Instantcms Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.8 |
| 2023-08-31 | CVE-2023-4655 | Cross-site Scripting vulnerability in Instantcms Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. | 6.1 |
| 2023-08-16 | CVE-2023-4381 | Unspecified vulnerability in Instantcms Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.3 |