impressCMS 1.3.5 arbitrary file deletion and XSS

Credit: Pedro Ribeiro
Risk: Medium
Local: No
Remote: Yes

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

I have discovered two vulnerabilities in ImpressCMS. These have been fixed in the new 1.3.6 version, which you can get at . One is an arbitrary file deletion and the other is two cross site scripting issues. Note that I was unable to exploit the XSS issues due to the inbuilt protection module, so I'm not sure if it qualifies for a CVE. The tickets containing the information are available here Unfortunately I can't paste the full report in this email as the Android Gmail client will mangle it. Please see the text file at more details. Thanks in advance, and thanks to the ImpressCMS team for being so responsive. Regards, Pedro Ribeiro Agile Information Security


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019,


Back to Top