Vulnerabilities > Impresscms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-37785 | Cross-site Scripting vulnerability in Impresscms A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. | 4.8 |
| 2022-03-28 | CVE-2021-26598 | Improper Authentication vulnerability in Impresscms ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). | 5.0 |
| 2022-03-28 | CVE-2021-26601 | Path Traversal vulnerability in Impresscms ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. | 5.5 |
| 2019-05-06 | CVE-2018-13983 | Cross-site Scripting vulnerability in Impresscms 1.3.10 ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | 4.3 |
| 2015-07-01 | CVE-2014-1836 | Path Traversal vulnerability in Impresscms Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action. | 6.4 |
| 2014-06-11 | CVE-2014-4036 | Cross-Site Scripting vulnerability in Impresscms 1.3.6.1 Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. | 4.3 |
| 2012-10-06 | CVE-2012-0987 | Path Traversal vulnerability in Impresscms Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. | 6.0 |
| 2012-10-06 | CVE-2012-0986 | Cross-Site Scripting vulnerability in Impresscms Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php. | 4.3 |
| 2010-12-29 | CVE-2010-4616 | Cross-Site Scripting vulnerability in Impresscms Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter. | 4.3 |
| 2009-03-02 | CVE-2008-6360 | Cross-Site Scripting vulnerability in Impresscms 1.0.2 Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. | 4.3 |