Note: This project will be discontinued after December 13, 2021.
Product: Icecms (Thecosy)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 17 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-09-25 | CVE-2024-46607 | Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | Icecms | N/A | ||
2024-09-25 | CVE-2024-46609 | An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access all user information, including passwords. | Icecms | N/A | ||
2024-09-25 | CVE-2024-46612 | IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information. | Icecms | N/A | ||
2023-05-25 | CVE-2023-33355 | IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. | Icecms | 7.5 | ||
2023-05-25 | CVE-2023-33356 | IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). | Icecms | 5.4 | ||
2023-10-12 | CVE-2023-40833 | An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. | Icecms | 9.8 | ||
2023-11-30 | CVE-2023-6438 | A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability. | Icecms | 5.3 | ||