IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A cross-site request forgery vulnerability exists in IceCMS v2.0.1, which originates from a WEB application that does not adequately validate whether a request comes from a trusted user. An attacker can exploit this vulnerability to forge a malicious request to trick a victim into clicking on it to perform a sensitive operation.