Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.