Page 3 of 19 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. Vulnerabilidad de XSS en modules/system/admin.php en ImpressCMS 1.3.6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de consulta en una acción listimg. • http://packetstormsecurity.com/files/126909/ImpressCMS-1.3.6.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 23%CPEs: 1EXPL: 2

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action. Vulnerabilidad de salto de ruta absoluta en htdocs/libraries/image-editor/image-edit.php en ImpressCMS anterior a 1.3.6 permite a atacantes remotos eliminar ficheros arbitrarios a través de un nombre de ruta completo en el parámetro image_path en una acción de cancelar. ImpressCMS version 1.3.5 suffers from arbitrary file deletion and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/31431 http://community.impresscms.org/modules/smartsection/item.php?itemid=675 http://osvdb.org/show/osvdb/102770 http://seclists.org/fulldisclosure/2014/Feb/14 http://www.securityfocus.com/bid/65279 https://github.com/pedrib/PoC/blob/master/generic/impresscms-1.3.5.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.0EPSS: 1%CPEs: 17EXPL: 2

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. Vulnerabilidad de salto de directorio en edituser.php en ImpressCMS v1.2.x anterior a v1.2.7 Final y v1.3.x anterior a v1.3.1 Final permite a usuarios remotos autenticados incluir y ejecutar ficheros locales arbitrarios mediante un .. (punto punto) en el parámetro icmsConfigPlugins[sanitizer_plugins][] • http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html http://community.impresscms.org/modules/smartsection/item.php?itemid=579 http://secunia.com/advisories/47448 http://www.osvdb.org/78143 http://www.securityfocus.com/bid/51268 https://exchange.xforce.ibmcloud.com/vulnerabilities/72146 https://www.htbridge.com/advisory/HTB23064 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ImpressCMS v1.2.x anterior a v1.2.7 Final y v1.3.x anterior a v1.3.1 Final permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de PATH_INFO para (1) notifications.php, (2) modules/system/admin/images/browser.php, y (3) modules/content/admin/content.php. • http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html http://community.impresscms.org/modules/smartsection/item.php?itemid=579 http://secunia.com/advisories/47448 http://www.osvdb.org/78140 http://www.osvdb.org/78141 http://www.osvdb.org/78142 http://www.securityfocus.com/bid/51268 https://exchange.xforce.ibmcloud.com/vulnerabilities/72145 https://www.htbridge.com/advisory/HTB23064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 1

Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en modules/content/admin/content.php en ImpressCMS v1.2.3 Final, y probablemente otras versiones previas a v1.2.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro quicksearch_ContentContent. • http://community.impresscms.org/modules/smartsection/item.php?itemid=525 http://secunia.com/advisories/42695 http://www.htbridge.ch/advisory/xss_vulnerability_in_impresscms.html http://www.securityfocus.com/archive/1/515397/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •