CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 1CVE-2010-4616
https://notcve.org/view.php?id=CVE-2010-4616
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en modules/content/admin/content.php en ImpressCMS v1.2.3 Final, y probablemente otras versiones previas a v1.2.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro quicksearch_ContentContent. • http://community.impresscms.org/modules/smartsection/item.php?itemid=525 http://secunia.com/advisories/42695 http://www.htbridge.ch/advisory/xss_vulnerability_in_impresscms.html http://www.securityfocus.com/archive/1/515397/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2010-4271
https://notcve.org/view.php?id=CVE-2010-4271
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en ImpressCMS anterior a v1.2.3 RC2, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores desconocidos. • http://osvdb.org/69082 http://secunia.com/advisories/42160 http://www.impresscms.org/content.php?page=ImpressCMS_1.2.3 http://www.securityfocus.com/bid/44745 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •