Impresscms/impresscms
This hub aggregates every CVE we track for Impresscms/impresscms, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 13
- Critical: 3
- High: 2
- In CISA KEV: 0
Severity distribution
- MEDIUM: 8
- CRITICAL: 3
- HIGH: 2
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 13 most recently published vulnerabilities affecting Impresscms/impresscms.
- CVE-2023-37785: A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of ... (CVSS 4.8)
- CVE-2022-26986: SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the databa... (CVSS 7.2)
- CVE-2021-26601: ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. (CVSS 8.1)
- CVE-2021-26600: ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). (CVSS 9.8)
- CVE-2021-26599: ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. (CVSS 9.8)
- CVE-2021-26598: ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). (CVSS 5.3)
- CVE-2022-24977: ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php scri... (CVSS 9.8)
- CVE-2021-28088: Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. (CVSS 5.4)
- CVE-2020-17551: ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. (CVSS 4.8)
- CVE-2018-13983: ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. (CVSS 6.1)
- CVE-2014-1836: Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_p... (CVSS 6.4)
- CVE-2014-4036: Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. (CVSS 4.3)
- CVE-2010-4616: Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web sc... (CVSS 4.3)
Product normalization is registry-driven with AI assist and human review.