CVE-2026-30661

Name of the Vulnerable Software and Affected Versions iCMS version 8.0.0

Description The iCMS software contains a Cross-Site Scripting (XSS) issue in the User Management component. The issue is located within the index.html file and allows remote attackers to execute arbitrary web script or HTML. The attack vector involves the regip or loginip parameters.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the regip and loginip parameters before processing them.