Impresscms : Security Vulnerabilities, CVEs, (XSS)
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-13
Updated
2023-07-21
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-03-11
Updated
2021-03-12
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
Max CVSS
4.8
EPSS Score
0.09%
Published
2020-10-07
Updated
2020-10-14
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
Max CVSS
6.1
EPSS Score
1.13%
Published
2019-05-06
Updated
2019-05-07
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
Max CVSS
4.3
EPSS Score
0.12%
Published
2014-06-11
Updated
2014-06-12
Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.
Max CVSS
4.3
EPSS Score
0.49%
Published
2012-10-06
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-12-29
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.22%
Published
2009-03-02
Updated
2017-08-17
8 vulnerabilities found