Search
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24977 | 1 Impresscms | 1 Impresscms | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. | |||||
| CVE-2021-28088 | 1 Impresscms | 1 Impresscms | 2021-03-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. | |||||
| CVE-2020-17551 | 1 Impresscms | 1 Impresscms | 2020-10-14 | 3.5 LOW | 4.8 MEDIUM |
| ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. | |||||
| CVE-2018-13983 | 1 Impresscms | 1 Impresscms | 2019-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | |||||
| CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2018-10-11 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2010-4616 | 1 Impresscms | 1 Impresscms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter. | |||||
| CVE-2012-0987 | 1 Impresscms | 1 Impresscms | 2017-12-01 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. | |||||
| CVE-2012-0986 | 1 Impresscms | 1 Impresscms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php. | |||||
| CVE-2008-6360 | 1 Impresscms | 1 Impresscms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3453 | 1 Impresscms | 1 Impresscms | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files." | |||||
| CVE-2014-1836 | 1 Impresscms | 1 Impresscms | 2015-07-02 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action. | |||||
| CVE-2014-4036 | 1 Impresscms | 1 Impresscms | 2014-06-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. | |||||
| CVE-2010-4271 | 1 Impresscms | 1 Impresscms | 2010-11-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||