instantsoft — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting instantsoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Instantsoft operates as a provider of enterprise software solutions, primarily focusing on document management and workflow automation systems. Security audits have identified twenty distinct Common Vulnerabilities and Exposures (CVEs) associated with its platform, indicating a history of significant security oversight. The most prevalent vulnerability classes include remote code execution (RCE) and cross-site scripting (XSS), which allow attackers to execute arbitrary commands or inject malicious scripts into web pages. Additionally, instances of privilege escalation have been documented, enabling unauthorized users to gain elevated access rights within the system. These flaws often stem from insufficient input validation and improper access control mechanisms. While no single catastrophic data breach has been widely publicized, the cumulative nature of these CVEs suggests systemic weaknesses in the software’s architecture. Organizations relying on Instantsoft must prioritize rigorous patch management and continuous security monitoring to mitigate these known risks effectively.

Top products by instantsoft: instantsoft/icms2 icms2
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-28281 | InstantCMS has Multiple CSRF Vulnerabilities — icms2 | CWE-352 | 7.1 | High | 2026-03-09 |
| CVE-2025-59055 | InstantCMS vulnerable to Server-Side Request Forgery via package installer — icms2 | CWE-918 | 4.7 | Medium | 2025-09-11 |
| CVE-2024-50348 | InstantCMS has a Cross Site Scripting Vulnerability — icms2 | CWE-79 | 5.4 | Medium | 2024-10-29 |
| CVE-2024-31213 | InstantCMS Open Redirect vulnerability — icms2 | CWE-601 | 3.5 | Low | 2024-04-05 |
| CVE-2024-31212 | SQL injection in index_chart_data action — icms2 | CWE-89 | 6.7 | Medium | 2024-04-04 |
| CVE-2023-4928 | SQL Injection in instantsoft/icms2 — instantsoft/icms2 | CWE-89 | 9.8 | - | 2023-09-13 |
| CVE-2023-4879 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 — instantsoft/icms2 | CWE-79 | 5.4 | - | 2023-09-10 |
| CVE-2023-4878 | Server-Side Request Forgery (SSRF) in instantsoft/icms2 — instantsoft/icms2 | CWE-918 | 7.5 | - | 2023-09-10 |
| CVE-2023-4704 | External Control of System or Configuration Setting in instantsoft/icms2 — instantsoft/icms2 | CWE-15 | 9.4 | - | 2023-09-01 |
| CVE-2023-4654 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2 — instantsoft/icms2 | CWE-614 | 5.3 | - | 2023-08-31 |
| CVE-2023-4655 | Cross-site Scripting (XSS) - Reflected in instantsoft/icms2 — instantsoft/icms2 | CWE-79 | 6.1 | - | 2023-08-31 |
| CVE-2023-4649 | Session Fixation in instantsoft/icms2 — instantsoft/icms2 | CWE-384 | 7.6 | - | 2023-08-31 |
| CVE-2023-4650 | Improper Access Control in instantsoft/icms2 — instantsoft/icms2 | CWE-284 | 6.5 | - | 2023-08-31 |
| CVE-2023-4651 | Server-Side Request Forgery (SSRF) in instantsoft/icms2 — instantsoft/icms2 | CWE-918 | 7.5 | - | 2023-08-31 |
| CVE-2023-4653 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 — instantsoft/icms2 | CWE-79 | 5.4 | - | 2023-08-31 |
| CVE-2023-4652 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 — instantsoft/icms2 | CWE-79 | 5.4 | - | 2023-08-31 |
| CVE-2023-4381 | Unverified Password Change in instantsoft/icms2 — instantsoft/icms2 | CWE-620 | 9.8 | - | 2023-08-16 |
| CVE-2023-4189 | Cross-site Scripting (XSS) - Reflected in instantsoft/icms2 — instantsoft/icms2 | CWE-79 | 6.1 | - | 2023-08-05 |
| CVE-2023-4188 | SQL Injection in instantsoft/icms2 — instantsoft/icms2 | CWE-89 | 9.8 | - | 2023-08-05 |
| CVE-2023-4187 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 — instantsoft/icms2 | CWE-79 | 5.4 | - | 2023-08-05 |

This page lists every published CVE security advisory associated with instantsoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.