Lucene search

GoogleOSV:GHSA-66C2-P8RH-QX87

HistoryFeb 22, 2024 - 7:43 p.m.

baserCMS Cross-site Scripting vulnerability in Site search Feature

2024-02-2219:43:32

Google

osv.dev

basercms

cross-site scripting

site search feature

vulnerability

update

security advisory.

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

There is a XSS Vulnerability in Site search Feature to baserCMS.

Target

baserCMS 5.0.8 and earlier versions

Vulnerability

Malicious code may be executed in Site search Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_73283159

References

basercms.net/security/JVN_73283159

github.com/baserproject/basercms

github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4

github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87

nvd.nist.gov/vuln/detail/CVE-2023-44379

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for OSV:GHSA-66C2-P8RH-QX87