彙總 icecoder 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-41375 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php | [email protected] | 6.1 | 0.24% | 2024-07-26 | 2025-04-22 |
| CVE-2024-41374 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php | [email protected] | 6.1 | 0.18% | 2024-07-26 | 2025-04-22 |
| CVE-2024-41373 | ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. | [email protected] | 6.3 | 0.16% | 2024-07-26 | 2025-04-22 |
| CVE-2022-34026 | ICEcoder v8.1 allows attackers to execute a directory traversal. | [email protected] | 7.5 | 1.03% | 2022-09-22 | 2025-05-27 |
| CVE-2021-3862 | icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | [email protected] | 4.8 | 0.25% | 2022-01-17 | 2024-11-21 |
| CVE-2021-32106 | In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed. | [email protected] | 5.4 | 0.24% | 2021-06-08 | 2024-11-21 |