CVE-2026-30661

MEDIUM

iCMS 8.0.0 - Cross-Site Scripting via regip or loginip Parameters

Title source: llm
STIX 2.1

Description

iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters.

References (1)

Core 1

Scores

CVSS v3 6.1
EPSS 0.0021
EPSS Percentile 10.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
idreamsoft/icms 8.0.0
Published Mar 24, 2026
Tracked Since Mar 24, 2026