Aggregates CVE and security vulnerability intelligence across all idccms-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-11587 | A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.3 | 1.09% | 2024-11-21 | 2024-11-22 |
| CVE-2024-40336 | idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.' | [email protected] | 6.1 | 0.07% | 2024-07-10 | 2025-04-15 |
| CVE-2024-40332 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | [email protected] | 8.8 | 0.05% | 2024-07-10 | 2024-11-21 |
| CVE-2024-40331 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup | [email protected] | 8.8 | 0.11% | 2024-07-10 | 2025-04-15 |
| CVE-2024-40334 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 | [email protected] | 8.8 | 0.32% | 2024-07-10 | 2024-11-21 |
| CVE-2024-40333 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2 | [email protected] | 8.8 | 0.44% | 2024-07-10 | 2025-04-15 |
| CVE-2024-40329 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup | [email protected] | 8.8 | 0.32% | 2024-07-10 | 2025-04-15 |
| CVE-2024-40328 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 | [email protected] | 6.3 | 0.20% | 2024-07-10 | 2025-04-15 |
| CVE-2024-40038 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev | [email protected] | 5.3 | 0.07% | 2024-07-09 | 2025-04-15 |
| CVE-2024-40036 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close | [email protected] | 8.8 | 0.44% | 2024-07-09 | 2025-04-15 |
| CVE-2024-40035 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. | [email protected] | 5.9 | 0.07% | 2024-07-09 | 2025-04-15 |
| CVE-2024-39023 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close | [email protected] | 8.8 | 0.15% | 2024-07-05 | 2025-04-15 |
| CVE-2024-39022 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal | [email protected] | 8.8 | 0.15% | 2024-07-05 | 2025-04-15 |
| CVE-2024-39021 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del | [email protected] | 5.4 | 0.05% | 2024-07-05 | 2025-04-15 |
| CVE-2024-39020 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close | [email protected] | 6.3 | 0.05% | 2024-07-05 | 2025-04-15 |
| CVE-2024-39019 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del | [email protected] | 5.4 | 0.05% | 2024-07-05 | 2025-04-15 |
| CVE-2024-39119 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close. | [email protected] | 5.4 | 0.17% | 2024-07-02 | 2025-04-15 |
| CVE-2024-39158 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet. | [email protected] | 8.8 | 0.15% | 2024-06-27 | 2025-04-15 |
| CVE-2024-39157 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. | [email protected] | 3.8 | 0.06% | 2024-06-27 | 2025-04-15 |
| CVE-2024-39156 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. | [email protected] | 3.8 | 0.06% | 2024-06-27 | 2025-04-15 |