{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30661", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T18:47:24.865Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-24T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-24T14:32:06.267Z"}, "descriptions": [{"lang": "en", "value": "iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wang1rrr.github.io/2026/02/09/CVE-Report-iCMS-v8.0.0-XSS/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T18:47:03.795966Z", "id": "CVE-2026-30661", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:47:24.865Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30661", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T18:47:03.795966Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:47:20.341Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://wang1rrr.github.io/2026/02/09/CVE-Report-iCMS-v8.0.0-XSS/"}], "descriptions": [{"lang": "en", "value": "iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-24T14:32:06.267Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30661", "state": "PUBLISHED", "dateUpdated": "2026-03-24T18:47:24.865Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-24T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:idreamsoft:icms:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7299423-99C7-42AB-9AEE-21329873F4C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters."}], "id": "CVE-2026-30661", "lastModified": "2026-03-25T20:53:28.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-24T15:16:34.350", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wang1rrr.github.io/2026/02/09/CVE-Report-iCMS-v8.0.0-XSS/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.0.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "icms", "vendor": "icms"}], "analysis": {"en": {"generated_at": "2026-03-25T23:52:38.552932+00:00", "value": {"mitigation_remediation": ["Acquire and apply the official vendor patch for iCMS or upgrade to a protected version that removes the vulnerable parameters.", "If a patch is not yet available, configure the web server or application firewall to block or reject requests that contain regip or loginip query parameters.", "Sanitize and HTML\u2011encode any user\u2011supplied data before rendering it in the browser to prevent XSS injection.", "Consider deploying a web application firewall rule that detects and mitigates typical XSS payloads targeting the affected parameters.", "Regularly review web application logs for anomalous requests containing XSS payload patterns and verify that mitigation measures remain effective."], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Scripting allowing arbitrary web script injection"}, "threat_synthesis": {"affected_systems": "The affected product is idreamsoft iCMS version 8.0.0. No other vendors or product variants are listed as impacted.", "description_and_impact": "iCMS v8.0.0 contains a reflected cross\u2011site scripting flaw in the User Management component. The vulnerability is triggered through the regip or loginip parameters in the index.html interface, enabling a remote attacker to inject and execute arbitrary HTML or JavaScript in the browser of any user who visits the compromised page. Such exploitation can lead to session hijacking, cookie theft, defacement, or delivery of malicious payloads to unsuspecting users.", "risk_and_exploitability": "With a CVSS score of 6.1 the issue is considered moderate severity. The EPSS score is below 1\u202f% and the vulnerability is not catalogued in the CISA KEV list, suggesting low likelihood of widespread active exploitation. Based on the description the attacker can trigger the flaw from any external location by sending a crafted HTTP request containing malicious content in the regip or loginip parameters, without requiring authentication or privileged access."}}}}, "created": "2026-03-25T11:49:02.507388+00:00", "title": "Cross\u2011Site Scripting via regip/Loginip Parameters in iCMS v8.0.0", "updated": "2026-03-26T12:20:30.525924+00:00", "vendors": ["icms", "icms$PRODUCT$icms"]}