CVE-2026-30661

Published: Mar 24, 2026Modified: Mar 25, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters.

Affected (1)

Products: Idreamsoft: Icms

Idreamsoft

1 product

Icms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Idreamsoft Icms	Version 8.0.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://wang1rrr.github.io/2026/02/09/CVE-Report-iCMS-v8.0.0-XSS/

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.