VYPR
Moderate severityNVD Advisory· Published Jul 13, 2023· Updated Oct 30, 2024

CVE-2023-37785

CVE-2023-37785

Description

A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
impresscms/impresscmsPackagist
<= 1.4.5

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.