Lucene search

GitHub Advisory DatabaseGHSA-66C2-P8RH-QX87

HistoryFeb 22, 2024 - 7:43 p.m.

baserCMS Cross-site Scripting vulnerability in Site search Feature

2024-02-2219:43:32

CWE-79

GitHub Advisory Database

github.com

basercms

cross-site scripting

site search

vulnerability

update

security

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

There is a XSS Vulnerability in Site search Feature to baserCMS.

Target

baserCMS 5.0.8 and earlier versions

Vulnerability

Malicious code may be executed in Site search Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_73283159

Affected configurations

Vulners

Node

baserprojectbasercmsRange<5.0.9

CPENameOperatorVersion
baserproject/basercmslt5.0.9

CPE	Name	Operator	Version
	baserproject/basercms	lt	5.0.9

References

basercms.net/security/JVN_73283159

github.com/advisories/GHSA-66c2-p8rh-qx87

github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4

github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87

nvd.nist.gov/vuln/detail/CVE-2023-44379

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for GHSA-66C2-P8RH-QX87