Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Impresscms
  • Impresscms

Configuration 1 [-]

OR cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2:alpha2:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2:beta:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2:final:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.1:beta:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.1:final:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.3:beta:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.3:final:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.4:final:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.5:final:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.2.6:final:*:*:*:*:*:*
cpe:2.3:a:impresscms:impresscms:1.3:*:*:*:*:*:*:*

No data.

References
Link Providers
http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html cve-icon cve-icon
http://community.impresscms.org/modules/smartsection/item.php?itemid=579 cve-icon cve-icon
http://secunia.com/advisories/47448 cve-icon cve-icon
http://www.osvdb.org/78140 cve-icon cve-icon
http://www.osvdb.org/78141 cve-icon cve-icon
http://www.osvdb.org/78142 cve-icon cve-icon
http://www.securityfocus.com/bid/51268 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/72145 cve-icon cve-icon
https://www.htbridge.com/advisory/HTB23064 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-06T21:00:00

Updated: 2024-08-06T18:45:25.971Z

Reserved: 2012-02-02T00:00:00

Link: CVE-2012-0986

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-10-06T21:55:03.643

Modified: 2017-08-29T01:31:08.287

Link: CVE-2012-0986

cve-icon Redhat

No data.