Medium severity5.4NVD Advisory· Published Oct 29, 2024· Updated Jun 17, 2026
CVE-2024-50348
CVE-2024-50348
Description
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: >=2.16.3
>=2.16.3+ 1 more
- (no CPE)range: >=2.16.3
- (no CPE)range: < 2.16.3
Patches
Vulnerability mechanics
References
2- github.com/instantsoft/icms2/commit/e02de2fa1850bb40c9b2050b9256c838a0ea7aa3nvdPatch
- github.com/instantsoft/icms2/security/advisories/GHSA-f6cf-jg84-fw29nvdExploitPatchVendor Advisory
News mentions
0No linked articles in our index yet.