CVE-2023-6466: Thecosy IceCMS User Comment planet cross site scripting
First published: Sat Dec 02 2023(Updated: )
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iCMS | =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-6466?
The severity of CVE-2023-6466 is medium.
How does CVE-2023-6466 affect Thecosy IceCMS?
CVE-2023-6466 affects Thecosy IceCMS version 2.0.1.
What is the manipulation that leads to cross-site scripting in CVE-2023-6466?
The manipulation that leads to cross-site scripting in CVE-2023-6466 is through the User Comment Handler component's /planet file.
Is CVE-2023-6466 exploitable remotely?
Yes, CVE-2023-6466 can be exploited remotely.
How can I fix CVE-2023-6466?
To fix CVE-2023-6466, it is recommended to update Thecosy IceCMS to a version that does not have the vulnerability.
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/thecosy
- canonical/icms
- version/icms/2.0.1