Lucene search

GitHub Advisory DatabaseGHSA-JJXQ-M8H3-4VW5

HistoryFeb 22, 2024 - 7:35 p.m.

baserCMS Cross-site Scripting vulnerability in Content Management

2024-02-2219:35:55

CWE-79

GitHub Advisory Database

github.com

basercms

xss

vulnerability

update

countermeasures

content management

security

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

There is a XSS Vulnerability in Content Management Feature to baserCMS.

Target

baserCMS 5.0.8 and earlier versions

Vulnerability

Malicious code may be executed in Content Management Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_73283159

Affected configurations

Vulners

Node

baserprojectbasercmsRange<5.0.9

VendorProductVersionCPE
baserprojectbasercms*cpe:2.3:a:baserproject:basercms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baserproject	basercms	*	cpe:2.3:a:baserproject:basercms::::::::

References

basercms.net/security/JVN_73283159

github.com/advisories/GHSA-jjxq-m8h3-4vw5

github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c

github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5

nvd.nist.gov/vuln/detail/CVE-2024-26128