Skip to main content

Instantcms CVE-2023-4655

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-08-31 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 31, 2023 - 01:15 nvd
MEDIUM 6.1

DescriptionNVD

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.

AnalysisAI

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. Affected products include: Instantcms. Version information: prior to 2.16.1..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2013-10051 CRITICAL POC
9.3 Aug 01

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() withi

CVE-2023-4188 CRITICAL POC
9.1 Aug 05

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated critical severity (CVSS 9.1), this vulne

CVE-2013-6839 HIGH POC
7.5 Dec 13

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQ

CVE-2024-31212 HIGH POC
7.2 Apr 04

InstantCMS is a free and open source content management system. Rated high severity (CVSS 7.2), this vulnerability is re

CVE-2018-14382 MEDIUM POC
6.1 Jul 18

InstantCMS 2.10.1 has /redirect?url= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,

CVE-2024-50348 MEDIUM POC
5.4 Oct 29

InstantCMS is a free and open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is

CVE-2024-31213 MEDIUM POC
5.4 Apr 05

InstantCMS is a free and open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is

CVE-2023-4878 MEDIUM POC
5.4 Sep 10

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CV

CVE-2023-4652 MEDIUM POC
5.4 Aug 31

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (C

CVE-2023-4651 MEDIUM POC
5.4 Aug 31

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5

CVE-2023-4649 MEDIUM POC
5.4 Aug 31

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5.4), this vulnerab

CVE-2023-4704 MEDIUM POC
4.9 Sep 01

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated me

Share

CVE-2023-4655 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy