CVE-2018-13983
Description
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImpressCMS 1.3.10 contains reflected XSS vulnerabilities in its installer scripts via PATH_INFO, allowing arbitrary JavaScript execution.
Vulnerability Details
ImpressCMS 1.3.10 is affected by multiple reflected cross-site scripting (XSS) vulnerabilities in its installation scripts. The issue arises because the application does not sanitize user-supplied input that reaches it through PATH_INFO (the extra path segment appended after the script name in the URL) before reflecting it in the response of several installer endpoints, including htdocs/install/index.php, htdocs/install/page_langselect.php, and htdocs/install/page_modcheck.php [2][3]. An attacker can therefore inject arbitrary HTML and JavaScript into the response by crafting a malicious URL.
Exploitation
Exploitation requires no authentication, as the installer scripts are publicly accessible during the setup phase. The attacker must trick a victim into clicking a specially crafted link that includes the XSS payload in the URL path. For example, a URL like http://target/install/index.php/"'--> will execute the injected script in the victim's browser [3]. The vulnerability is classified as reflected XSS, meaning the payload is not stored on the server but is immediately reflected in the HTTP response.
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to session hijacking, defacement, or redirection to malicious sites. The CVSS score for this vulnerability has not been officially assigned by NVD, but the advisory from Netsparker rates it as High severity [2][3].
Mitigation
The vulnerability has been addressed in later versions of ImpressCMS. Users are strongly advised to upgrade to a patched release (e.g., ImpressCMS 2.0.3 or later) to eliminate the risk [3][4]. No workaround is available for the affected version; the only reliable mitigation is to update the software.
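The reflected PATH_INFO pattern described above leaves a recognisable trace in web server access logs. The following script is an added example, not code from the advisory or the ImpressCMS project; it assumes Apache/Nginx combined log format and that htdocs/ is the document root, so the affected scripts are reached under /install/, and it flags requests whose PATH_INFO to those scripts contains markup metacharacters.

```python
import re
from urllib.parse import unquote

# Installer scripts named in the CVE description; paths are relative to the
# web root on the assumption that htdocs/ is served as the document root.
INSTALL_SCRIPTS = ("index.php", "page_langselect.php", "page_modcheck.php")

# Request line of an Apache/Nginx combined-format access log entry.
_REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>[^" ]+) HTTP/[0-9.]+"')
# /install/<script>.php followed by extra path (what PHP exposes as PATH_INFO).
_PATHINFO_RE = re.compile(r"^/install/(?P<script>[^/?]+\.php)(?P<pathinfo>/[^?]*)")
# Characters that can close an attribute value or tag when reflected unescaped.
_MARKUP_CHARS = set('<>"\'')


def suspicious_path_info(target):
    """Return (script, decoded PATH_INFO) when a request to one of the affected
    installer scripts carries markup metacharacters in PATH_INFO, else None."""
    m = _PATHINFO_RE.match(target)
    if not m or m.group("script") not in INSTALL_SCRIPTS:
        return None
    # Decode twice so double-percent-encoded payloads are inspected as well.
    path_info = unquote(unquote(m.group("pathinfo")))
    if _MARKUP_CHARS & set(path_info):
        return m.group("script"), path_info
    return None


def scan_access_log(lines):
    """Return a list of (client_ip, script, path_info) for matching log lines."""
    hits = []
    for line in lines:
        req = _REQ_RE.search(line)
        if not req:
            continue
        found = suspicious_path_info(req.group("target"))
        if found:
            hits.append((line.split(" ", 1)[0], found[0], found[1]))
    return hits


# Constructed sample log lines; the first carries the percent-encoded form of
# the advisory's example payload, the last is a control outside /install/.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2019:10:00:01 +0000] "GET /install/index.php/%22%27--%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2019:10:00:05 +0000] "GET /install/page_langselect.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2019:10:00:09 +0000] "GET /install/page_modcheck.php/x%3Cscript%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2019:10:01:00 +0000] "GET /index.php/%22 HTTP/1.1" 404 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, script, path_info in scan_access_log(SAMPLE_LOG):
        print(f"{ip} -> {script} PATH_INFO={path_info!r}")
```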
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| impresscms/impresscms (Packagist) | <= 1.3.10 | — |
Affected products
- ImpressCMS/ImpressCMS
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-g32q-4fhf-cq72 (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-13983 (NVD)
- packetstormsecurity.com/files/150990/ImpressCMS-1.3.10-Cross-Site-Scripting.html
- seclists.org/fulldisclosure/2019/Jan/8
- www.netsparker.com/web-applications-advisories/ns-18-033-cross-site-scripting-in-impresscms/ (Netsparker advisory NS-18-033)
News mentions
No linked articles in our index yet.