fuzegit

17 exploits Active since Aug 2023
CVE-2023-4187 WRITEUP MEDIUM WRITEUP
instantcms < 2.16.1 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 4.8
CVE-2023-4188 WRITEUP CRITICAL WRITEUP
instantcms < 2.16.1 - SQL Injection
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 9.1
CVE-2023-4189 WRITEUP MEDIUM WRITEUP
instantcms < 2.16.1 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 4.8
CVE-2023-4381 WRITEUP MEDIUM WRITEUP
instantsoft/icms2 <2.16.1 - Info Disclosure
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 4.3
CVE-2023-4649 WRITEUP MEDIUM WRITEUP
instantsoft/icms2 <2.16.1 - Info Disclosure
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVSS 5.4
CVE-2023-4650 WRITEUP MEDIUM WRITEUP
instantcms < 2.16.1 - Improper Access Control
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 4.7
CVE-2023-4651 WRITEUP MEDIUM WRITEUP
instantcms < 2.16.1 - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVSS 5.4
CVE-2023-4652 WRITEUP MEDIUM WRITEUP
InstantCMS < 2.16.1 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 5.4
CVE-2023-4653 WRITEUP MEDIUM WRITEUP
InstantCMS < 2.16.1 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 4.8
CVE-2023-4654 WRITEUP LOW WRITEUP
instantsoft/icms2 <2.16.1 - Info Disclosure
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVSS 3.5
CVE-2023-4655 WRITEUP MEDIUM WRITEUP
instantcms < 2.16.1 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVSS 6.1
CVE-2023-4704 WRITEUP MEDIUM WRITEUP
instantsoft/icms2 <2.16.1 - Elevation of Privilege
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 4.9
CVE-2023-4878 WRITEUP MEDIUM WRITEUP
InstantCMS < 2.16.1-git - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS 5.4
CVE-2023-4879 WRITEUP MEDIUM WRITEUP
instantsoft/icms2 <2.16.1.-git - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.
CVSS 4.8
CVE-2023-4928 WRITEUP HIGH WRITEUP
instantcms icms2 < 2.16.1 - SQL Injection
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVSS 7.2
CVE-2024-50348 WRITEUP MEDIUM WRITEUP
InstantCMS < 2.16.3 - Stored Cross-Site Scripting via Photo Upload Function
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3.
CVSS 5.4
CVE-2025-59055 WRITEUP MEDIUM WRITEUP
InstantCMS <= 2.17.3 - Authenticated Server-Side Request Forgery via Package Parameter
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make nay HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS request to any website in installer functionality. Due to such vulnerability it is possible to for example scan local network, call local services and its functions, conduct a DoS attack, and/or disclose a server's real IP if it's behind a reverse proxy. It is also possible to exhaust server resources by sending plethora of such requests. As of time of publication, no patched releases are available.
CVSS 4.7