Vulnerabilities > Thecosy > Icecms > 1.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-46610 | Unspecified vulnerability in Thecosy Icecms 1.0.0/2.0.1 An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java | 7.5 |
| 2023-10-12 | CVE-2023-40833 | Unspecified vulnerability in Thecosy Icecms 1.0.0 An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. | 9.8 |
| 2023-05-25 | CVE-2023-33355 | Unspecified vulnerability in Thecosy Icecms 1.0.0 IceCMS v1.0.0 has Insecure Permissions. | 7.5 |
| 2023-05-25 | CVE-2023-33356 | Cross-site Scripting vulnerability in Thecosy Icecms 1.0.0 IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |