CVE-2023-4652 MEDIUM

CVE-2023-4652: Cross-site Scripting (XSS) - Stored in instantsoft/icms2

Vendor Instantsoft
Product instantsoft/icms2
Weakness CWE-79 · XSS
Published August 31, 2023
Last update October 1, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

Key dates

02Disclosure timeline

August 31, 2023 CVE published
October 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-32499 WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS) CVE-2023-46640 WordPress Medialist Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS) CVE-2022-2748 SourceCodester Simple Online Book Store System edit.php cross site scripting CVE-2024-10266 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget CVE-2025-5133 Tmall Demo Search Box cross site scripting