259 matches found
ImpressCMS 跨站脚本漏洞
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...
CVE-2023-37785
ImpressCMS is affected: versions v1.4.5 and earlier. The XSS flaw resides in the smile_code parameter of editprofile.php, caused by insufficient input filtering/escaping. Successful exploitation enables execution of arbitrary web scripts/HTML in a logged-in user context, as described across multi...
CVE-2023-37785
A cross-site scripting XSS vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
ImpressCMS 1.4.3 SQL Injection
Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 7th March 2022 CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor:...
ImpressCMS v1.4.3 - Authenticated SQL Injection Vulnerability
Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor: https://www.impresscms.org Source:...
ImpressCMS v1.4.3 - Authenticated SQL Injection
Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 7th March 2022 CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor:...
ImpressCMS Directory Traversal (CVE-2022-24977)
A directory traversal vulnerability exists in ImpressCMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Malicious code in @impresscms/fetlife-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf5018cdf58393a3c22158c2784504059026f2b4f2a9a9bb374fdcace9fe8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-355 Malicious code in @impresscms/fetlife-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf5018cdf58393a3c22158c2784504059026f2b4f2a9a9bb374fdcace9fe8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ImpressCMS XSS
ImpressCMS 1.3.10 has XSS via the PATHINFO to htdocs/install/index.php, htdocs/install/pagelangselect.php, or htdocs/install/pagemodcheck.php...
GHSA-G32Q-4FHF-CQ72 ImpressCMS XSS
ImpressCMS 1.3.10 has XSS via the PATHINFO to htdocs/install/index.php, htdocs/install/pagelangselect.php, or htdocs/install/pagemodcheck.php...
ImpressCMS Cross-site scripting Vulnerability
A cross-site scripting XSS vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...
GHSA-F5JH-Q6MP-9C8P ImpressCMS Cross-site scripting Vulnerability
A cross-site scripting XSS vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...
GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...
ImpressCMS Path Traversal to Arbitrary File Delete
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...
GHSA-39VM-RVWH-Q86J ImpressCMS Cross-site Scripting vulnerability via quicksearch_ContentContent parameter
Cross-site scripting XSS vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearchContentContent parameter...
ImpressCMS Cross-site Scripting vulnerability via quicksearch_ContentContent parameter
Cross-site scripting XSS vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearchContentContent parameter...
ImpressCMS 1.4.4 Arbitrary File Upload
Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Date: 7/4/2022 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...
ImpressCMS v1.4.4 - Unrestricted File Upload Vulnerability
Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...
ImpressCMS v1.4.4 - Unrestricted File Upload
Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Date: 7/4/2022 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...