ImpressCMS - HackerOne Reports

Slack server disclose h1 private issue report

Reported by: ex1st3nc3_ | Disclosed:

Low

Weakness: Authentication Bypass Using an Alternate Path or Channel

Reported by: egix | Disclosed:

Medium

Weakness: Incorrect Authorization

Reported by: egix | Disclosed:

Medium

Weakness: Path Traversal

Reported by: cyberinsane | Disclosed:

High

Weakness: SQL Injection

Reported by: kurdishhacked | Disclosed:

High

Weakness: Cross-site Scripting (XSS) - Reflected

Reported by: tehwinsam | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Stored

CVEs: CVE-2020-17551

Reported by: solov9ev | Disclosed:

Low

Weakness: SQL Injection

Reported by: ex1st3nc3_ | Disclosed:

Critical

Weakness: Authentication Bypass Using an Alternate Path or Channel

Reported by: egix | Disclosed:

Low

Reported by: egix | Disclosed:

Critical

Weakness: SQL Injection

Reported by: d3addog | Disclosed:

Medium

Weakness: Cross-Site Request Forgery (CSRF)