Vulnerabilities > Impresscms

DATE CVE VULNERABILITY TITLE RISK
2015-07-01 CVE-2014-1836 Path Traversal vulnerability in Impresscms
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
network
low complexity
impresscms CWE-22
6.4
2014-06-11 CVE-2014-4036 Cross-Site Scripting vulnerability in Impresscms 1.3.6.1
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
network
impresscms CWE-79
4.3
2012-10-06 CVE-2012-0987 Path Traversal vulnerability in Impresscms
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a ..
network
impresscms CWE-22
6.0
2012-10-06 CVE-2012-0986 Cross-Site Scripting vulnerability in Impresscms
Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.
network
impresscms CWE-79
4.3
2010-12-29 CVE-2010-4616 Cross-Site Scripting vulnerability in Impresscms
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.
network
impresscms CWE-79
4.3
2010-11-17 CVE-2010-4271 SQL Injection vulnerability in Impresscms
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
impresscms CWE-89
7.5
2009-03-02 CVE-2008-6360 Cross-Site Scripting vulnerability in Impresscms 1.0.2
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter.
network
impresscms CWE-79
4.3
2009-01-23 CVE-2008-5964 Improper Authentication vulnerability in Impresscms
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
6.8
2008-08-04 CVE-2008-3453 Remote Security vulnerability in Impresscms 1.0
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
network
low complexity
impresscms
critical
10.0