An updated version of ImpressCMS 1.2 was released to address a vulnerability in TidyCSS, 1 of the external libraries included in ImpressCMS. If you are using any of the 1.2 series for your site, you are urged to upgrade to 1.2.2 immediately. You can also remove the vulnerable file manually, since it is not used by ImpressCMS
Manual Process
You may manually removed the file containing the vulnerability by navigating to /your_root_path/plugins/csstidy/ and deleting css_optimiser.php, using either ftp or your hosting providers control panel.
Upgrading
To remove the vulnerability using the updated released, upload the files in the update package to your server, login with administrator privileges and go to your administration area. The system will apply the update and attempt to remove the file. If the upgrade is unsuccessful in removing the file (usually because of user permissions on your web server), you will need to remove the file manually, as described above.
Obtaining the Update
You can download the latest version of ImpressCMS from their file release system on SourceForge.
| 