CVE-2012-0986

Published: Oct 6, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.

Affected (17)

Products: Impresscms: Impresscms

1 product

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Impresscms Impresscms	Version 1.2.1 beta
Impresscms Impresscms	Version 1.2.1 final
Impresscms Impresscms	Version 1.2.1 rc1
Impresscms Impresscms	Version 1.2.3 beta
Impresscms Impresscms	Version 1.2.3 final
Impresscms Impresscms	Version 1.2.3 rc1
Impresscms Impresscms	Version 1.2.3 rc2
Impresscms Impresscms	Version 1.2.4 final
Impresscms Impresscms	Version 1.2.5 final
Impresscms Impresscms	Version 1.2.6 final
Impresscms Impresscms	Version 1.2 alpha1
Impresscms Impresscms	Version 1.2 alpha2
Impresscms Impresscms	Version 1.2 beta
Impresscms Impresscms	Version 1.2 final
Impresscms Impresscms	Version 1.2 rc1
Impresscms Impresscms	Version 1.2 rc2
Impresscms Impresscms	Version 1.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (18)

http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html

Source: cve@mitre.org

Exploit

http://community.impresscms.org/modules/smartsection/item.php?itemid=579

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/47448

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/78140

Source: cve@mitre.org

http://www.osvdb.org/78141

Source: cve@mitre.org

Exploit

http://www.osvdb.org/78142

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/51268

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/72145

Source: cve@mitre.org

https://www.htbridge.com/advisory/HTB23064

Source: cve@mitre.org

Exploit

http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://community.impresscms.org/modules/smartsection/item.php?itemid=579

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/47448

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/78140

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/78141

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.osvdb.org/78142

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/51268

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/72145

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.htbridge.com/advisory/HTB23064

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.