CVE-2023-37785
published 2023-07-13
CVE-2023-37785: A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
Priority P4 17 · medium 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.40% (31.4th percentile)
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| impresscms | impresscms | <= 1.4.5 | — |
| impresscms | impresscms | 0 – 1.4.5 | — |
CVSS provenance
nvd · v3.1 · 4.8 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
osv · 7.8 HIGH
OSV
linux-azure-fips vulnerabilities
osv·2025-10-21·CVSS 7.8
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Bluetooth subsystem;
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38350, CVE-2024-57996, CVE-2025-37752, CVE-2025-38617,
CVE-2025-38477, CVE-2025-38083, CVE-2024-38541, CVE-2023-52757,
CVE-2023-52975, CVE-2025-38618, CVE-2024-49950, CVE-2024-50073,
CVE-2025-37785, CVE-2025-21796, CVE-2025-38683, CVE-2025-37797)
OSV
linux-azure, linux-azure-5.4 vulnerabilities
osv·2025-10-13·CVSS 7.8
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Bluetooth subsystem;
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38350, CVE-2024-57996, CVE-2025-37752, CVE-2025-38617,
CVE-2025-38477, CVE-2025-38083, CVE-2024-38541, CVE-2023-52757,
CVE-2023-52975, CVE-2025-38618, CVE-2024-49950, CVE-2024-50073,
CVE-2025-37785, CVE-2025-21796, CVE-2025-38683, CVE-2025-37797)
OSV
ImpressCMS Cross-site Scripting vulnerability
osv·2023-07-13
CVE-2023-37785 [MEDIUM] ImpressCMS Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `smile_code` parameter of the component `/editprofile.php`.
GHSA
ImpressCMS Cross-site Scripting vulnerability
ghsa·2023-07-13
CVE-2023-37785 [MEDIUM] CWE-79 ImpressCMS Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `smile_code` parameter of the component `/editprofile.php`.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-07-13