CVE-2026-30661
Cross-Site Scripting in iCMS v8.0.0 User Management
Publication date: 2026-03-24
Last updated on: 2026-03-25
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| idreamsoft | icms | 8.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30661 is a reflected Cross-Site Scripting (XSS) vulnerability in iCMS version 8.0.0, specifically in the User Management module, in the file app/user/views/index.html.

The vulnerability occurs because the application inserts the GET parameters 'regip' and 'loginip' directly into the value attributes of HTML input elements without sanitization or escaping.

This allows an attacker to inject arbitrary HTML or JavaScript by breaking out of the value attribute context, so that the injected script executes in the administrator's browser.

For example, an attacker can craft a URL that includes a script tag in the 'regip' parameter; when that URL is opened, the injected script executes. [1]
How can this vulnerability impact me?
This vulnerability can have several impacts, including:

- Execution of arbitrary JavaScript in the administrator's browser.
- Redirecting administrators to malicious websites.
- Performing Cross-Site Request Forgery (CSRF) actions via injected JavaScript.
- Displaying phishing forms to steal administrator credentials.

Although cookie theft via document.cookie is mitigated by the HttpOnly flag in this version, other significant XSS impacts remain possible. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the User Management component of iCMS v8.0.0, specifically by checking whether the regip or loginip GET parameters are reflected into the HTML without sanitization.

A practical detection method is to request a URL with a script-injection payload in the regip or loginip parameter and observe whether the script executes in the administrator's browser.

For example, you can use curl or a browser to request a URL such as:

- http://<target-host>/admincp.php?app=user&regip=\"><script>alert(1)</script>

If the alert box appears or the script executes, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to sanitize the regip and loginip parameters before outputting them into the HTML.

Specifically, apply an escaping function such as htmlspecialchars() in PHP to these parameters to prevent injection of arbitrary HTML or JavaScript.

For example, modify the code to:

- <input type="text" ... value="<?php echo htmlspecialchars($_GET['regip']); ?>" />

This ensures special characters are escaped and script injection is prevented. [1]
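The attribute-escaping fix above, written out as an added example (this is not iCMS code, and the helper names esc_attr, render_ip_filter and self_check are assumptions): it passes the ENT_QUOTES flag explicitly, because before PHP 8.1 htmlspecialchars() defaulted to ENT_COMPAT and left single quotes unescaped, and it checks on constructed inputs that the rendered markup cannot be broken out of.

```php
<?php
// Added example, not iCMS code: the attribute-escaping fix described above,
// with a self-check on constructed input. Assumes the template prints
// $_GET['regip'] / $_GET['loginip'] into a value="..." attribute.
declare(strict_types=1);

/**
 * Escape a value for a quoted HTML attribute. ENT_QUOTES escapes both " and '
 * (before PHP 8.1 the default ENT_COMPAT leaves ' alone, so value='...' would
 * still be breakable); ENT_SUBSTITUTE replaces invalid UTF-8 instead of
 * returning an empty string, so a malformed value is not silently dropped.
 */
function esc_attr(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened rendering of the IP filter input in the user list (hypothetical). */
function render_ip_filter(string $name, ?string $value): string
{
    return '<input type="text" name="' . esc_attr($name)
        . '" value="' . esc_attr($value) . '" />';
}

/**
 * Self-check: whatever the value holds, the rendered markup must contain only
 * the six double quotes that delimit type, name and value, and the escaped
 * value must contain no attribute- or tag-breaking character.
 * Returns true when every constructed sample passes.
 */
function self_check(): bool
{
    $samples = [
        '203.0.113.7',                  // benign filter value (constructed)
        '"><script>alert(1)</script>',  // attribute breakout attempt
        "' onfocus='alert(1)",          // single-quote variant
        null,                           // parameter absent from the request
    ];
    foreach ($samples as $sample) {
        $html = render_ip_filter('regip', $sample);
        if (substr_count($html, '"') !== 6
            || strpbrk(esc_attr($sample), '<>"\'') !== false) {
            return false;
        }
    }
    return true;
}

exit(self_check() ? 0 : 1);
```

Run it with the PHP CLI; a zero exit status means every sample rendered as inert attribute text.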