Lucene search

[email protected]CVE-2021-39136

HistoryAug 25, 2021 - 6:15 p.m.

CVE-2021-39136

2021-08-2518:15:07

CWE-79

[email protected]

web.nvd.nist.gov

basercms

open source

content management system

cross-site scripting

vulnerability

file upload

japanese language support

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

33.2%

JSON

baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.

Affected configurations

Vulners

NVD

Node

baserprojectbasercmsRange<4.5.1

CPENameOperatorVersion
basercms:basercmsbasercmslt4.5.1

CPE	Name	Operator	Version
basercms:basercms	basercms	lt	4.5.1

CNA Affected

[
  {
    "product": "basercms",
    "vendor": "baserproject",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.5.1"
      }
    ]
  }
]