A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code
parameter of the component /editprofile.php
.
{ "nvd_published_at": "2023-07-13T17:15:09Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-13T19:56:13Z" }