2 matches found
ImpressCMS: Stored XSS on 1.4.0
Summary: The hacker AppleBois on Jun 19, 2020 has raise this Stored Stored Cross Site Scripting on GitHub and it has fixed on Jul 7, 2020. The hacker now raise the issue to Hackerone. Furthermore, this issue can now tracked under CVE-2020-17551. ImpressCMS branch : 1.4.0 Steps To Reproduce: 1...
CVE-2020-17551
ImpressCMS 1.4.0 is affected by a stored XSS in modules/system/admin.php (CVE-2020-17551), described as potentially enabling arbitrary remote code execution. The HackerOne report confirms stored XSS with exploit example paths, and Red Hat/CVE sources also reference the same issue. The root cause ...