The vulnerability description explicitly states XSS occurs via the 'query' parameter in the 'listimg' action within admin.php. While the exact function name isn't provided, ImpressCMS's architecture typically routes actions through a central handler in admin.php. The lack of output encoding for the 'query' parameter in this context matches classic reflected XSS patterns. The combination of specific file path, parameter name, and action type provides high confidence in identifying the handler responsible.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| impresscms/impresscms | composer | <= 1.3.6.1 | |