CVE-2023-37785

Vulnerability

Description

A cross-site scripting (XSS) vulnerability exists in ImpressCMS versions 1.4.5 and earlier. The root cause is insufficient sanitization of the smile_code parameter passed to the /editprofile.php component [1]. An attacker can store a malicious payload, such as "\'>, into this parameter [3].

Exploitation

Path

An attacker must first have administrator-level access to the ImpressCMS administration panel [3]. By navigating to Administration Menu > Smilies and editing a smile entry, the attacker can intercept the form submission and modify the smile_code value. The crafted payload is then stored in the database. When any user visits their own profile edit page (/editprofile.php), the injected script executes because the stored value is rendered without proper output encoding [3].

Impact

Successful exploitation allows the attacker to execute arbitrary web scripts or HTML in the context of a victim user's browser session, leading to potential session hijacking, credential theft, or defacement. Since the attack is stored, the payload is triggered each time an affected user accesses the profile editing page [1][3].

Mitigation

The ImpressCMS project has addressed this issue in later versions. Users should upgrade to a patched release (e.g., ImpressCMS 2.0.3 or newer) that properly sanitizes the smile_code parameter [2]. No official workaround has been documented, but applying proper input validation and output encoding at the application level can mitigate the risk until an upgrade is performed.