Known Vulnerabilities for ImpressCMS by Impresscms
Listed below are 10 of the newest known vulnerabilities associated with "ImpressCMS" by "Impresscms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-37785 json | A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts ... | 4.8 - MEDIUM | 2023-07-13 | 2023-07-21 |
| CVE-2022-26986 json | SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows ... | 7.2 - HIGH | 2022-04-05 | 2023-03-27 |
| CVE-2022-24977 json | ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageNam... | 9.8 - CRITICAL | 2022-02-14 | 2022-02-24 |
| CVE-2021-28088 json | Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject... | 5.4 - MEDIUM | 2021-03-11 | 2021-03-12 |
| CVE-2021-26601 json | ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. | 8.1 - HIGH | 2022-03-28 | 2022-03-30 |
| CVE-2021-26600 json | ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of... | 9.8 - CRITICAL | 2022-03-28 | 2022-03-30 |
| CVE-2021-26599 json | ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. | 9.8 - CRITICAL | 2022-03-28 | 2022-03-30 |
| CVE-2021-26598 json | ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers... | 5.3 - MEDIUM | 2022-03-28 | 2022-04-04 |
| CVE-2020-17551 json | ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. | 4.8 - MEDIUM | 2020-10-07 | 2020-10-14 |
| CVE-2019-25703 json | ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate d... | 4.8 - MEDIUM | 2026-04-12 | 2026-04-12 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Impresscms | Impresscms | 1.4.0 | |||
| Application | Impresscms | Impresscms | 1.3.6.1 | |||
| Application | Impresscms | Impresscms | 1.3.5 | |||
| Application | Impresscms | Impresscms | 1.3.2 | |||
| Application | Impresscms | Impresscms | 1.3.10 | |||
| Application | Impresscms | Impresscms | 1.3.1 | |||
| Application | Impresscms | Impresscms | 1.3 | |||
| Application | Impresscms | Impresscms | 1.2.7 | |||
| Application | Impresscms | Impresscms | 1.2.6 | |||
| Application | Impresscms | Impresscms | 1.2.5 | |||
| Application | Impresscms | Impresscms | 1.2.4 | |||
| Application | Impresscms | Impresscms | 1.2.3 | |||
| Application | Impresscms | Impresscms | 1.2.3 | |||
| Application | Impresscms | Impresscms | 1.2.3 | |||
| Application | Impresscms | Impresscms | 1.2.3 | |||
| Application | Impresscms | Impresscms | 1.2.1 | |||
| Application | Impresscms | Impresscms | 1.2.1 | |||
| Application | Impresscms | Impresscms | 1.2.1 | |||
| Application | Impresscms | Impresscms | 1.2 | |||
| Application | Impresscms | Impresscms | 1.2 |