ImpressCMS version 1.3.6.1 suffers from a reflective cross site scripting vulnerability. The vendor has contacted Packet Storm and has noted that versions 1.3.7 and 1.2.9 have been released to address these issues.
9bad6116e496aa4e3d49adffacb2753381461b97bdb2e4149c1c3048a57f3746