Moderate severityNVD Advisory· Published Mar 11, 2021· Updated Aug 3, 2024
CVE-2021-28088
CVE-2021-28088
Description
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
impresscms/impresscmsPackagist | <= 1.4.2 | — |
Affected products
2- ImpressCMS/profiledescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-79hv-pfx6-hhpjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-28088ghsaADVISORY
- anotepad.com/note/read/s3kkk6h7ghsax_refsource_MISCWEB
- hackerone.com/reports/1119296ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.