CVE-2014-4036

EPSS 0.22%

ImpressCMS Cross-site scripting Vulnerability

Published: 5/17/2022Modified: 11/8/2023

Description

A cross-site scripting (XSS) vulnerability in `modules/system/admin.php` in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.

Affected packages (1)

Packagist/impresscms/impresscmsfrom 0, <= 1.3.6.1

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-4036
WEBhttp://packetstormsecurity.com/files/126909/ImpressCMS-1.3.6.1-Cross-Site-Scripting.html