XSS in baserCMS before 4.1.4

2022-05-1401:50:42

Google

osv.dev

0.001 Low

EPSS

Percentile

24.8%

JSON

An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.

CPENameOperatorVersion
baserproject/basercmseq2.0.0-rc2
baserproject/basercmseq3.0.6
baserproject/basercmseq2.0.0
baserproject/basercmseq3.0.22
baserproject/basercmseq3.0.10
baserproject/basercmseq3.0.13
baserproject/basercmseq4.1.0
baserproject/basercmseq0.0.7
baserproject/basercmseq3.0.12
baserproject/basercmseq3.0.11

Name	Operator	Version
baserproject/basercms	eq	2.0.0-rc2
baserproject/basercms	eq	3.0.6
baserproject/basercms	eq	2.0.0
baserproject/basercms	eq	3.0.22
baserproject/basercms	eq	3.0.10
baserproject/basercms	eq	3.0.13
baserproject/basercms	eq	4.1.0
baserproject/basercms	eq	0.0.7
baserproject/basercms	eq	3.0.12
baserproject/basercms	eq	3.0.11