CVE-2020-17551

UNKNOWN

Published 2020-10-07T16:05:28

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-17551. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Cross-site scripting (XSS)

GHSA-j29g-g982-pwpv

Advisory Details

ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.

Affected Packages

Packagist impresscms/impresscms

ECOSYSTEM: ≥0 <1.4.1

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-17551

WEB https://github.com/ImpressCMS/impresscms/issues/659

WEB https://www.impresscms.org

Advisory provided by GitHub Security Advisory Database. Published: March 12, 2021, Modified: March 12, 2021

References

https://www.impresscms.org/

https://github.com/ImpressCMS/impresscms/issues/659

HackerOne Reports

Stored XSS on 1.4.0 Medium

tehwinsam

ImpressCMS

Cross-site Scripting (XSS) - Stored

View Report

Published: 2020-10-07T16:05:28

Last Modified: 2024-08-04T14:00:48.588Z

Copied to clipboard!

CVE-2020-17551

Expert Analysis

Description

Available Exploits

Related News

GitHub Security Advisories

Cross-site scripting (XSS)

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

HackerOne Reports

Request Analysis

What to expect

Request Received!