VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 6, 2012· Updated Apr 29, 2026

CVE-2012-0986

CVE-2012-0986

Description

Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.

Affected products

17
  • Impresscms/Impresscms17 versions
    cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2:final:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.1:final:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.3:final:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.4:final:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.5:final:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.2.6:final:*:*:*:*:*:*
    • cpe:2.3:a:impresscms:impresscms:1.3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.