{"id":"CVE-2023-37785","details":"A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.","aliases":["GHSA-667r-p4gg-7m2q"],"modified":"2026-04-10T04:58:49.089866Z","published":"2023-07-13T17:15:09.387Z","references":[{"type":"EVIDENCE","url":"https://github.com/CrownZTX/cve-description"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/impresscms/impresscms","events":[{"introduced":"0"},{"last_affected":"4421505bc33949b578c204b273cf13b20cb0323b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.5"}]}}],"versions":["1.3.10-beta","1.3.8","1.3.9","1.3.9_rc","impresscms_1.3.3","impresscms_1.3.4","v1.3.10","v1.3.11","v1.3.11-beta","v1.3.11-beta2","v1.3.11-rc","v1.3.11-rc2","v1.3.8","v1.4.0","v1.4.0-alpha","v1.4.0-alpha.2","v1.4.0-beta","v1.4.0-rc","v1.4.2","v1.4.2_bis","v1.4.2_rc","v1.4.3","v1.4.3-rc","v1.4.3-rc2","v1.4.4","v1.4.5","v1.4.5-alpha"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37785.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}