Moderate severityNVD Advisory· Published Jul 13, 2023· Updated Oct 30, 2024
CVE-2023-37785
CVE-2023-37785
Description
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
impresscms/impresscmsPackagist | <= 1.4.5 | — |
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/advisories/GHSA-667r-p4gg-7m2qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-37785ghsaADVISORY
News mentions
0No linked articles in our index yet.