Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5aHYtcGZ4Ni1oaHBq
Cross-site scripting (XSS)
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
Permalink: https://github.com/advisories/GHSA-79hv-pfx6-hhpjJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5aHYtcGZ4Ni1oaHBq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: about 1 year ago
Identifiers: GHSA-79hv-pfx6-hhpj, CVE-2021-28088
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-28088
- https://hackerone.com/reports/1119296
- https://anotepad.com/note/read/s3kkk6h7
- https://github.com/advisories/GHSA-79hv-pfx6-hhpj
Affected Packages
packagist:impresscms/impresscms
Dependent packages: 0Dependent repositories: 0
Downloads: 729 total
Affected Version Ranges: <= 1.4.2
No known fixed version
All affected versions: