CVE-2021-28088

EPSS 0.16%

Cross-site scripting (XSS)

Published: 3/12/2021Modified: 11/8/2023

Description

Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.

Affected packages (1)

Packagist/impresscms/impresscmsfrom 0, <= 1.4.2

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-28088
WEBhttps://anotepad.com/note/read/s3kkk6h7
WEBhttps://hackerone.com/reports/1119296