A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-13
Updated
2023-07-21
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-03-11
Updated
2021-03-12
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
Max CVSS
4.8
EPSS Score
0.09%
Published
2020-10-07
Updated
2020-10-14
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
Max CVSS
6.1
EPSS Score
1.13%
Published
2019-05-06
Updated
2019-05-07
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
Max CVSS
4.3
EPSS Score
0.12%
Published
2014-06-11
Updated
2014-06-12
Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.
Max CVSS
4.3
EPSS Score
0.49%
Published
2012-10-06
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-12-29
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.22%
Published
2009-03-02
Updated
2017-08-17
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!