Cross-Site Scripting in ImpressCMS by ImpressCMS
CVE-2008-6360

Currently unrated

Key Information:

Vendor: Impresscms
Status: Impresscms
Vendor: CVE Published:; 2 March 2009

What is CVE-2008-6360?

A Cross-Site Scripting (XSS) vulnerability exists in the userranks feature of ImpressCMS 1.0.2 final, allowing remote attackers to inject arbitrary web scripts or HTML through the 'rank_title' parameter. This can potentially compromise user sessions and expose sensitive information or enable malicious actions on affected sites.

References

http://secunia.com/advisories/33023

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/32640

vdb-entryx_refsource_BID

http://sourceforge.net/project/shownotes.php?release_id=6...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2009
Vulnerability Reserved
Mar 2, 2009

CVE-2008-6360 Data

JSON

Impresscms

What is CVE-2008-6360?

References

Timeline