Vendor CVEs
Idreamsoft
All CVEs
51 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14514 | | Cri | 0.64 | 9.8 | 0.02 | | Jul 23, 2018 | An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. |
| CVE-2018-12498 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 15, 2018 | spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. |
| CVE-2018-9924 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 10, 2018 | An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. |
| CVE-2026-4320 | | Cri | 0.60 | — | 0.00 | | May 18, 2026 | Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation… |
| CVE-2018-16366 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 2, 2018 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. |
| CVE-2018-16365 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 2, 2018 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. |
| CVE-2018-16332 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 2, 2018 | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
| CVE-2018-16314 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 1, 2018 | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. |
| CVE-2018-10222 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 19, 2018 | An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. |
| CVE-2018-10117 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 16, 2018 | An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. |
| CVE-2018-9923 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 10, 2018 | An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. |
| CVE-2018-15895 | | Hig | 0.49 | 7.5 | 0.01 | | Aug 27, 2018 | An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability… |
| CVE-2018-14858 | | Hig | 0.49 | 7.5 | 0.01 | | Aug 2, 2018 | An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for… |
| CVE-2018-16320 | | Hig | 0.47 | 7.2 | 0.02 | | Sep 1, 2018 | idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. |
| CVE-2018-14415 | | Med | 0.40 | 6.1 | 0.01 | | Jul 20, 2018 | An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. |
| CVE-2018-13865 | | Med | 0.40 | 6.1 | 0.01 | | Jul 10, 2018 | An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. |
| CVE-2018-10250 | | Med | 0.35 | 5.4 | 0.01 | | Apr 20, 2018 | iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. |
| CVE-2018-9925 | | Med | 0.35 | 5.4 | 0.01 | | Apr 10, 2018 | An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. |
| CVE-2018-9922 | | Med | 0.35 | 5.3 | 0.01 | | Apr 10, 2018 | An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. |
| CVE-2025-15394 | | Med | 0.31 | 4.7 | 0.00 | | Dec 31, 2025 | A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit… |
| CVE-2026-30661 | | | 0.00 | — | 0.00 | | Mar 24, 2026 | iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters. |
| CVE-2023-42322 | | | 0.00 | — | 0.01 | | Sep 20, 2023 | Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. |
| CVE-2023-42321 | | | 0.00 | — | 0.00 | | Sep 20, 2023 | Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. |
| CVE-2023-40953 | | | 0.00 | — | 0.00 | | Sep 8, 2023 | icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2023-39805 | | | 0.00 | — | 0.01 | | Aug 10, 2023 | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. |
| CVE-2023-39806 | | | 0.00 | — | 0.01 | | Aug 10, 2023 | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. |
| CVE-2022-41496 | | | 0.00 | — | 0.01 | | Oct 13, 2022 | iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. |
| CVE-2021-44977 | | | 0.00 | — | 0.02 | | Feb 4, 2022 | In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. |
| CVE-2020-21141 | | | 0.00 | — | 0.01 | | Nov 12, 2021 | iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. |
| CVE-2020-26641 | | | 0.00 | — | 0.01 | | May 28, 2021 | A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. |
| CVE-2020-18070 | | | 0.00 | — | 0.02 | | Apr 29, 2021 | Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". |
| CVE-2020-19142 | | | 0.00 | — | 0.02 | | Dec 10, 2020 | iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. |
| CVE-2020-19527 | | | 0.00 | — | 0.02 | | Dec 10, 2020 | iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. |
| CVE-2020-24739 | | | 0.00 | — | 0.00 | | Sep 10, 2020 | A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted. |
| CVE-2019-17583 | | | 0.00 | — | 0.01 | | Oct 14, 2019 | idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer. |
| CVE-2019-17552 | | | 0.00 | — | 0.01 | | Oct 14, 2019 | An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. |
| CVE-2019-16677 | | | 0.00 | — | 0.00 | | Sep 21, 2019 | An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. |
| CVE-2019-14976 | | | 0.00 | — | 0.01 | | Aug 12, 2019 | iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. |
| CVE-2019-11427 | | | 0.00 | — | 0.01 | | Apr 21, 2019 | An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. |
| CVE-2019-11426 | | | 0.00 | — | 0.01 | | Apr 21, 2019 | An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. |
| CVE-2019-8902 | | | 0.00 | — | 0.00 | | Feb 18, 2019 | An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. |
| CVE-2019-7236 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. |
| CVE-2019-7237 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. |
| CVE-2019-7235 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. |
| CVE-2019-7234 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file… |
| CVE-2019-7160 | | | 0.00 | — | 0.03 | | Jan 29, 2019 | idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. |
| CVE-2019-6259 | | | 0.00 | — | 0.02 | | Jan 14, 2019 | An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. |
| CVE-2018-18702 | | | 0.00 | — | 0.01 | | Oct 27, 2018 | spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. |
| CVE-2005-4397 | | | 0.00 | — | 0.01 | | Dec 20, 2005 | SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter. |
| CVE-2005-4396 | | | 0.00 | — | 0.01 | | Dec 20, 2005 | Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. |