CVE-2022-39325

2022-11-2520:15:10

CWE-79

[email protected]

web.nvd.nist.gov

basercms

cross-site scripting

vulnerability

management system

upgrade

nvd

cve-2022-39325

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.0%

JSON

BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.

Affected configurations

Vulners

NVD

Node

baserprojectbasercmsRange<4.7.2

CPENameOperatorVersion
basercms:basercmsbasercmslt4.7.2

CPE	Name	Operator	Version
basercms:basercms	basercms	lt	4.7.2

CNA Affected

[
  {
    "vendor": "baserproject",
    "product": "basercms",
    "versions": [
      {
        "version": "< 4.7.2",
        "status": "affected"
      }
    ]
  }
]