Exploitable Cross-Site Scripting Flaws in ImpressCMS by ImpressCMS
CVE-2012-0986

Currently unrated

Key Information:

Vendor: Impresscms
Status: Impresscms
Vendor: CVE Published:; 6 October 2012

What is CVE-2012-0986?

ImpressCMS versions prior to 1.2.7 Final and 1.3.1 Final are susceptible to multiple cross-site scripting vulnerabilities. Attackers can exploit these weaknesses by injecting arbitrary web scripts or HTML into the system via specific endpoints, including notifications.php, modules/system/admin/images/browser.php, and modules/content/admin/content.php. This can lead to unauthorized actions and data exposure, making it critical for users to implement the necessary patches and secure their installations.

References

http://www.osvdb.org/78140

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/51268

vdb-entryx_refsource_BID

https://www.htbridge.com/advisory/HTB23064

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2012
Vulnerability Reserved
Feb 2, 2012

CVE-2012-0986 Data

JSON

Impresscms

What is CVE-2012-0986?

References

Timeline