Lucene search
K

259 matches found

CNNVD
CNNVD
added 2023/07/13 12:0 a.m.5 views

ImpressCMS 跨站脚本漏洞

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...

4.8CVSS6.1AI score0.00395EPSS
Exploits1References2
CVE
CVE
added 2023/07/13 12:0 a.m.52 views

CVE-2023-37785

ImpressCMS is affected: versions v1.4.5 and earlier. The XSS flaw resides in the smile_code parameter of editprofile.php, caused by insufficient input filtering/escaping. Successful exploitation enables execution of arbitrary web scripts/HTML in a logged-in user context, as described across multi...

4.8CVSS4.9AI score0.00395EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/13 12:0 a.m.16 views

CVE-2023-37785

A cross-site scripting XSS vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...

5.7AI score0.00395EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.180 views

ImpressCMS 1.4.3 SQL Injection

Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 7th March 2022 CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor:...

8.5CVSS7AI score0.04146EPSS
Exploits4
0day.today
0day.today
added 2023/03/27 12:0 a.m.209 views

ImpressCMS v1.4.3 - Authenticated SQL Injection Vulnerability

Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor: https://www.impresscms.org Source:...

8.5CVSS7AI score0.04146EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.167 views

ImpressCMS v1.4.3 - Authenticated SQL Injection

Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 7th March 2022 CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor:...

8.5CVSS7AI score0.04146EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2022/11/17 12:0 a.m.42 views

ImpressCMS Directory Traversal (CVE-2022-24977)

A directory traversal vulnerability exists in ImpressCMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

7.5CVSS5.2AI score0.06883EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 6:20 p.m.3 views

Malicious code in @impresscms/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf5018cdf58393a3c22158c2784504059026f2b4f2a9a9bb374fdcace9fe8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 6:20 p.m.10 views

MAL-2022-355 Malicious code in @impresscms/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf5018cdf58393a3c22158c2784504059026f2b4f2a9a9bb374fdcace9fe8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/24 4:45 p.m.13 views

ImpressCMS XSS

ImpressCMS 1.3.10 has XSS via the PATHINFO to htdocs/install/index.php, htdocs/install/pagelangselect.php, or htdocs/install/pagemodcheck.php...

6.1CVSS6.3AI score0.01548EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2022/05/24 4:45 p.m.12 views

GHSA-G32Q-4FHF-CQ72 ImpressCMS XSS

ImpressCMS 1.3.10 has XSS via the PATHINFO to htdocs/install/index.php, htdocs/install/pagelangselect.php, or htdocs/install/pagemodcheck.php...

6.1CVSS5.9AI score0.01548EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2022/05/17 4:42 a.m.18 views

ImpressCMS Cross-site scripting Vulnerability

A cross-site scripting XSS vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...

4.3CVSS5.6AI score0.01012EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/17 4:42 a.m.22 views

GHSA-F5JH-Q6MP-9C8P ImpressCMS Cross-site scripting Vulnerability

A cross-site scripting XSS vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...

4.3CVSS5.3AI score0.01012EPSS
Exploits1References2
OSV
OSV
added 2022/05/17 4:12 a.m.12 views

GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...

6.4CVSS6.5AI score0.03711EPSS
Exploits3References6
Github Security Blog
Github Security Blog
added 2022/05/17 4:12 a.m.20 views

ImpressCMS Path Traversal to Arbitrary File Delete

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...

6.4CVSS6.9AI score0.03711EPSS
Exploits3References7Affected Software1
OSV
OSV
added 2022/05/14 2:42 a.m.22 views

GHSA-39VM-RVWH-Q86J ImpressCMS Cross-site Scripting vulnerability via quicksearch_ContentContent parameter

Cross-site scripting XSS vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearchContentContent parameter...

4.3CVSS5.7AI score0.01107EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/14 2:42 a.m.14 views

ImpressCMS Cross-site Scripting vulnerability via quicksearch_ContentContent parameter

Cross-site scripting XSS vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearchContentContent parameter...

4.3CVSS6.2AI score0.01107EPSS
Exploits1References6Affected Software1
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.197 views

ImpressCMS 1.4.4 Arbitrary File Upload

Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Date: 7/4/2022 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/05/11 12:0 a.m.107 views

ImpressCMS v1.4.4 - Unrestricted File Upload Vulnerability

Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.219 views

ImpressCMS v1.4.4 - Unrestricted File Upload

Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Date: 7/4/2022 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...

7.4AI score
Exploits0
Rows per page
Query Builder