VYPR
Moderate severity · NVD Advisory · Published Oct 7, 2020 · Updated Aug 4, 2024

CVE-2020-17551

Description

ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ImpressCMS 1.4.0 has a stored XSS in admin.php that can lead to arbitrary code execution via admin session hijacking.

Vulnerability

Overview

CVE-2020-17551 describes a stored cross-site scripting (XSS) vulnerability in ImpressCMS 1.4.0, specifically within the modules/system/admin.php script. The root cause is insufficient sanitization of user-supplied input in the adsense and customtag modules, allowing an attacker to inject arbitrary JavaScript code that is stored and later executed in the context of an administrator's browser [1][3].

Exploitation

An attacker with the ability to create or edit adsense tags or custom tags can inject a malicious payload into fields such as the adsense ID (adsenseid) or the custom tag name. The vulnerable URLs include /modules/system/admin.php?fct=adsense&op=mod&adsenseid=4 and /modules/system/admin.php?fct=customtag&op=mod. No authentication bypass is required; the attacker must have at least editor-level privileges to access these forms [3].

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of an authenticated administrator. This can lead to session hijacking, privilege escalation, and potentially arbitrary remote code execution if the attacker leverages the admin session to perform further actions, such as uploading malicious files or modifying system settings [1].

Mitigation

As of the publication date, no official patch has been released for ImpressCMS 1.4.0. Users are advised to upgrade to a supported version (e.g., ImpressCMS 2.0.x) and to apply strict input validation and output encoding as a workaround. The vendor's website provides information on the latest releases [2].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: impresscms/impresscms (Packagist)
Affected versions: < 1.4.1
Patched versions: 1.4.1

Patches

No patches discovered yet.
