Description
In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the $_GET['replace'] variable. As a result, arbitrary JavaScript code can be executed.
References (3)
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/icecoder/ICEcoder
Exploit, Third Party Advisory x_refsource_misc
https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ
Third Party Advisory x_refsource_misc
https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scripting/
Scores
CVSS v3
5.4
EPSS
0.0024
EPSS Percentile
46.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
icecoder/icecoder
8.0
icecoder/icecoder
0 - 8.1 (Packagist)
Published
Jun 08, 2021
Tracked Since
Feb 18, 2026