Vulnerabilities > Impresscms

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-13	CVE-2023-37785	Cross-site Scripting vulnerability in Impresscms A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. network low complexity impresscms CWE-79	4.8
2022-04-05	CVE-2022-26986	SQL Injection vulnerability in Impresscms SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. network low complexity impresscms CWE-89	7.2
2022-03-28	CVE-2021-26598	Improper Authentication vulnerability in Impresscms ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). network low complexity impresscms CWE-287	5.3
2022-03-28	CVE-2021-26599	SQL Injection vulnerability in Impresscms ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. network low complexity impresscms CWE-89 critical	9.8
2022-03-28	CVE-2021-26600	Type Confusion vulnerability in Impresscms ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). network low complexity impresscms CWE-843 critical	9.8
2022-03-28	CVE-2021-26601	Path Traversal vulnerability in Impresscms ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. network low complexity impresscms CWE-22	8.1
2022-02-14	CVE-2022-24977	Path Traversal vulnerability in Impresscms ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. network low complexity impresscms CWE-22 critical	9.8
2021-03-11	CVE-2021-28088	Cross-site Scripting vulnerability in Impresscms 1.4.2 Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. network low complexity impresscms CWE-79	5.4
2020-10-07	CVE-2020-17551	Cross-site Scripting vulnerability in Impresscms 1.4.0 ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. network low complexity impresscms CWE-79	4.8
2019-05-06	CVE-2018-13983	Cross-site Scripting vulnerability in Impresscms 1.3.10 ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. network low complexity impresscms CWE-79	6.1

Vulnerabilities > Impresscms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Impresscms"}]}

Vulnerabilities > Impresscms