Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
impresscms impresscms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-26599
ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.
Impresscms Impresscms
9.8
CVSSv3
CVE-2021-26600
ImpressCMS prior to 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Impresscms Impresscms
4.8
CVSSv3
CVE-2023-37785
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
Impresscms Impresscms
6.1
CVSSv3
CVE-2018-13983
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
Impresscms Impresscms 1.3.10
NA
CVE-2008-3453
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
Impresscms Impresscms 1.0
NA
CVE-2014-4036
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote malicious users to inject arbitrary web script or HTML via the query parameter in a listimg action.
Impresscms Impresscms 1.3.6.1
4.8
CVSSv3
CVE-2020-17551
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
Impresscms Impresscms 1.4.0
NA
CVE-2008-6360
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote malicious users to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party inf...
Impresscms Impresscms 1.0.2
5.4
CVSSv3
CVE-2021-28088
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote malicious users to inject arbitrary web script or HTML parameters through the "Display Name" field.
Impresscms Impresscms 1.4.2
NA
CVE-2008-2035
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and previous versions, (2) BmSurvey 0.84 and previous versions, (3) newbb_fileup 1.83 and previous versions, (4) News_embed (news_fileup) 1.44 and previous versions, and (5) PopnupBlog 3.19 and previ...
Xoops Xoops Cube 2.1
Bluemoon Popnupblog
Bluemoon Newbb Fileup
Bluemoon Backpack
Bluemoon News Fileup
Xoops Xoops 2.0
Bluemoon Bmsurvey
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2