GHSA-79hv-pfx6-hhpj

Suggest an improvement
Source
https://github.com/advisories/GHSA-79hv-pfx6-hhpj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-79hv-pfx6-hhpj/GHSA-79hv-pfx6-hhpj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-79hv-pfx6-hhpj
Aliases
Published
2021-03-12T21:34:02Z
Modified
2023-11-08T04:05:28.152861Z
Summary
Cross-site scripting (XSS)
Details

Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.

References

Affected packages

Packagist / impresscms/impresscms

Package

Name
impresscms/impresscms
Purl
pkg:composer/impresscms/impresscms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.4.2