IceCMS issues

后台文章列表一直打转（已经无请求），且会重复发送相同请求

2

![录屏_选择区域_20230504110619](https://user-images.githubusercontent.com/26164116/236104405-ec9c4030-b984-4973-816d-a748b9c48aac.gif)

371091997

There is a Stored-XSS vulnerability in IceCMS v1.0.0

There is a Stored-XSS vulnerability in IceCMS v1.0.0 api : /Websquare/create/circle planet - circle POC： The payload is `` ![06](https://user-images.githubusercontent.com/35645904/235698897-baef4711-9678-4d5f-9453-38cfbe71d17f.png) ![05](https://user-images.githubusercontent.com/35645904/235699004-966ba0b0-8448-400c-b9d7-ec9bae10a60e.png)

topdayplus

在后台将资源设置为免费，但下载时还是需要扫码支付0元

1

![image](https://user-images.githubusercontent.com/26164116/234263527-6a4a60a9-0a0d-4311-8fa6-a9ffe06a4e43.png)

371091997

There is unauthorized access to the API, resulting in the disclosure of sensitive information

1

This api does not require login, obtains user information through user_id, and returns the user name, password, and email address in plain text. ![02](https://user-images.githubusercontent.com/35645904/235364459-98f11a8f-769d-48f9-8411-d6a117a22e2e.png) It is like the preview address...

topdayplus

h1thub

IceCMS
IceCMS copied to clipboard

Metadata

后台文章列表一直打转（已经无请求），且会重复发送相同请求

There is a Stored-XSS vulnerability in IceCMS v1.0.0

在后台将资源设置为免费，但下载时还是需要扫码支付0元

There is unauthorized access to the API, resulting in the disclosure of sensitive information

[vulnerability security] Vertical Privilege Escalation Vulnerability

[vulnerability security] Vertical Privilege Escalation Vulnerability

[vulnerability security] Vertical Privilege Escalation Vulnerability

[vulnerability security] Vertical Privilege Escalation Vulnerability

[vulnerability security] Vertical Privilege Escalation Vulnerability

Unauthorized and Over-Privileged API Access Vulnerability: Harvesting All Usernames and Passwords

← Metadata

Owner

Metadata

IceCMS IceCMS copied to clipboard

Metadata

← Metadata

Owner

Metadata

IceCMS
IceCMS copied to clipboard