thecosy
Web & CMS Pluginsunknown
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting thecosy.
- CVE-2025-22984An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.7.5
- CVE-2025-22983An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.7.5
- CVE-2024-48202icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.9.8
- CVE-2024-46612IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.9.8
- CVE-2024-46610An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User...7.5
- CVE-2024-46609An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords7.5
- CVE-2024-46607Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.j...7.6
- CVE-2023-6762Thecosy IceCMS Article permission5.4
- CVE-2023-6761Thecosy IceCMS User Data access control4.3
- CVE-2023-6760Thecosy IceCMS user session6.3
- CVE-2023-6759Thecosy IceCMS Love resource improper enforcement of a single, unique action5.3
- CVE-2023-6758Thecosy IceCMS API PlanetCommentList access control5.3
- CVE-2023-6757Thecosy IceCMS API PlanetUser information disclosure5.3
- CVE-2023-6756Thecosy IceCMS Captcha login excessive authentication5.3
- CVE-2023-6467Thecosy IceCMS Comment Like improper enforcement of a single, unique action3.1