Vulnerabilities > Impresscms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-37785 | Cross-site Scripting vulnerability in Impresscms A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. | 4.8 |
| 2022-03-28 | CVE-2021-26598 | Improper Authentication vulnerability in Impresscms ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). | 5.3 |
| 2021-03-11 | CVE-2021-28088 | Cross-site Scripting vulnerability in Impresscms 1.4.2 Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. | 5.4 |
| 2020-10-07 | CVE-2020-17551 | Cross-site Scripting vulnerability in Impresscms 1.4.0 ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. | 4.8 |
| 2019-05-06 | CVE-2018-13983 | Cross-site Scripting vulnerability in Impresscms 1.3.10 ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | 6.1 |