Vulnerabilities > Impresscms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-07-01 | CVE-2014-1836 | Path Traversal vulnerability in Impresscms Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action. | 6.4 |
2014-06-11 | CVE-2014-4036 | Cross-Site Scripting vulnerability in Impresscms 1.3.6.1 Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. | 4.3 |
2012-10-06 | CVE-2012-0987 | Path Traversal vulnerability in Impresscms Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. | 6.0 |
2012-10-06 | CVE-2012-0986 | Cross-Site Scripting vulnerability in Impresscms Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php. | 4.3 |
2010-12-29 | CVE-2010-4616 | Cross-Site Scripting vulnerability in Impresscms Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter. | 4.3 |
2010-11-17 | CVE-2010-4271 | SQL Injection vulnerability in Impresscms SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-02 | CVE-2008-6360 | Cross-Site Scripting vulnerability in Impresscms 1.0.2 Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. | 4.3 |
2009-01-23 | CVE-2008-5964 | Improper Authentication vulnerability in Impresscms Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
2008-08-04 | CVE-2008-3453 | Remote Security vulnerability in Impresscms 1.0 Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files." | 10.0 |