Lucene search

GitHub Advisory DatabaseGHSA-FW9X-CQJQ-7JX5

HistoryOct 26, 2023 - 8:48 p.m.

baserCMS CSRF vulnerability in Content preview Feature

2023-10-2620:48:44

CWE-352

GitHub Advisory Database

github.com

basercms

csrf

content preview

vulnerability

malicious code

update

security advisory

shiga takuma

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.3%

JSON

There is a CSRF Vulnerability in Content preview Feature to baserCMS.

This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.
If you are eligible, please update to the new version as soon as possible.

Target

baserCMS 4.7.8 and earlier versions

Vulnerability

Malicious code may be executed in Content preview Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_45547161

Credits

Shiga Takuma@BroadBand Security, Inc

Affected configurations

Vulners

Node

baserprojectbasercmsRange<4.8.0

CPENameOperatorVersion
baserproject/basercmslt4.8.0

CPE	Name	Operator	Version
	baserproject/basercms	lt	4.8.0

References

basercms.net/security/JVN_99052047

github.com/advisories/GHSA-fw9x-cqjq-7jx5

github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6

github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5

nvd.nist.gov/vuln/detail/CVE-2023-43649

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for GHSA-FW9X-CQJQ-7JX5