Make a Lasting Impression
Published by Fiammybe on 2014/6/16 (2761 reads)
Security Notification CVE-2014-4036 (Low Impact)

Recently, a new security notification was submitted to CVE without the project being notified beforehand. This has been rectified, and we are preparing the appropriate files for release.


Published by Fiammybe on 2013/7/29 (1235 reads)
Incorrect notification about XSS in content module

A notification about a potential security issue in the Content Module, delivered with ImpressCMS 1.3.4, is circulating on the internet. The issuer already got in touch with us in February. However, the ImpressCMS team, and more particularly the security expert, could not reproduce the issue.


Published by Skenow on 2011/5/3 (4756 reads)
Security Vulnerability in FCKeditor

It has been brought to our attention that there is a potential file upload vulnerability in FCKeditor, which is included in ImpressCMS 1.1.x and 1.2.x packages. This vulnerability exists even if you do not have FCKeditor enabled or do not have the WYSIWYG editors enabled.

In an effort to provide you with the safest possible environment for your websites and balance that with the features you expect, we are releasing an updated package with better security for FCKeditor. You should immediately update your sites with this patch.


Published by Fiammybe on 2010/12/15 (6356 reads)
Upgrade now to ImpressCMS 1.2.4 Security Release

The ImpressCMS Project announces an important update to the 1.2.x series, addressing 2 vulnerabilities recently discovered.

The first issue was with the imagemanager plugin for TinyMCE, allowing unauthorized creation of image categories. The second is a potential cross-site scripting vulnerability in the quicksearch functionality of the ImpressCMS Persistable Framework. This vulnerability required elevated permissions and was only present in the administration area.

This issue has now been fixed in version 1.2.4. The ImpressCMS team urges everyone to upgrade their ImpressCMS installation as soon as possible.


Published by Skenow on 2010/7/13 (3745 reads)
Security Vulnerability Reported in CSSTidy

There has been a recent report of a potential vulnerability in the CSSTidy library included with ImpressCMS 1.2.0 and 1.2.1 releases. The vulnerability exists in a file used as an implementation of the CSSTidy classes to demonstrate how the library functions.

This file is not used by ImpressCMS and can be removed from your sites.

In fact, it is recommended you remove the file. The file to remove is plugins/csstidy/css_optimiser.php. A patched version of ImpressCMS (version 1.2.2) will be released later today for new installations.


Published by Tom on 2008/12/3 (4082 reads)

ImpressCMS takes security responsibly, and as such, whenever a vulnerability is found, we work around the clock to fix the issue, along with intensive testing trials, in an attempt to minimise any other issues arising.

ImpressCMS 1.1.1 fixes a security-related issue relating to Session Fixation, whereby an attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI, thus gaining unauthorised access.
