Instantsoft Icms2
5 CVEs affecting Instantsoft Icms2. Latest disclosed: 2026-03-09. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-28281 | High | 7.1 | 2026-03-09 | InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderat… |
CVE-2024-31212 | Medium | 6.7 | 2024-04-04 | InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrati… |
CVE-2024-50348 | Medium | 5.4 | 2024-10-29 | InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due… |
CVE-2025-59055 | Medium | 4.7 | 2025-09-11 | InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17… |
CVE-2024-31213 | Low | 3.5 | 2024-04-05 | InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after… |