CVE-2012-0986

Name of the Vulnerable Software and Affected Versions ImpressCMS versions 1.2.x through 1.2.7 Final ImpressCMS versions 1.3.x through 1.3.1 Final

Description The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to specific API endpoints, including "notifications.php", "modules/system/admin/images/browser.php", and "modules/content/admin/content.php".

Recommendations For ImpressCMS versions 1.2.x through 1.2.7 Final, update to version 1.2.7 Final or later. For ImpressCMS versions 1.3.x through 1.3.1 Final, update to version 1.3.1 Final or later.