Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
idreamsoft
15029.0%CRITICAL

Related CVEs

5
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-30661iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters.MEDIUM6.110.6%Mar 24, 2026
CVE-2025-15394A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.LOW2.032.3%Dec 31, 2025
CVE-2023-40953icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).HIGH8.814.5%Sep 8, 2023
CVE-2023-39806iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.CRITICAL9.843.9%Aug 10, 2023
CVE-2023-39805iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.CRITICAL9.843.9%Aug 10, 2023