CVE-2023-37785

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 13, 2023

Updated: Jul 21, 2023

CWE ID 79

Summary

CVE-2023-37785 is a cross-site scripting (XSS) vulnerability affecting ImpressCMS versions 1.4.5 and earlier. This issue permits attackers to inject arbitrary web scripts or HTML into the smile_code parameter of the /editprofile.php component, potentially enabling them to steal user data or take control of user sessions. Successful exploitation of this vulnerability could lead to serious security consequences, including data theft or unauthorized access. Users are advised to upgrade to the latest version of ImpressCMS to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ImpressCMS

Affected Vendors

Impresscms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8cP4A
https://www.cve.org/CVERecord?id=CVE-2023-37785
https://nvd.nist.gov/vuln/detail/CVE-2023-37785

Back to Vulnerability Database