Vulnerabilities (CVE)

Filtered by vendor Idreamsoft Subscribe
Filtered by product Icms
Total 28 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16677 1 Idreamsoft 1 Icms 2024-11-21 5.8 MEDIUM 6.5 MEDIUM
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-11427 1 Idreamsoft 1 Icms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
CVE-2019-11426 1 Idreamsoft 1 Icms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
CVE-2018-16366 1 Idreamsoft 1 Icms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
CVE-2018-16365 1 Idreamsoft 1 Icms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
CVE-2018-16332 1 Idreamsoft 1 Icms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
CVE-2018-16320 1 Idreamsoft 1 Icms 2024-11-21 6.5 MEDIUM 7.2 HIGH
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
CVE-2018-13865 1 Idreamsoft 1 Icms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.