CVE-2014-4036

Name of the Vulnerable Software and Affected Versions ImpressCMS version 1.3.6.1

Description A cross-site scripting (XSS) issue exists in the modules/system/admin.php file, allowing remote attackers to inject arbitrary web script or HTML via the query parameter in a "listimg" action. This could potentially lead to unauthorized access or control of user sessions.

Recommendations For ImpressCMS version 1.3.6.1, consider disabling the listimg action in the modules/system/admin.php file until a patch is available. Restrict access to the modules/system/admin.php file to minimize the risk of exploitation. Avoid using the query parameter in the affected API endpoint until the issue is resolved.