Cross-Site Scripting in ImpressCMS by ImpressCMS
CVE-2018-13983

6.1 MEDIUM

Key Information:

Vendor: ImpressCMS
CVE Published: 6 May 2019

What is CVE-2018-13983?

ImpressCMS version 1.3.10 is vulnerable to Cross-Site Scripting (XSS) because user input in the PATH_INFO variable is not properly validated. The affected scripts are htdocs/install/index.php, htdocs/install/page_langselect.php, and htdocs/install/page_modcheck.php. An attacker can exploit this weakness to inject malicious scripts into web pages viewed by other users, potentially leading to data compromise or session hijacking. Immediate measures should be taken to address this flaw by properly validating and sanitizing user input.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved