Lucene search

GoogleOSV:GHSA-JJXQ-M8H3-4VW5

HistoryFeb 22, 2024 - 7:35 p.m.

baserCMS Cross-site Scripting vulnerability in Content Management

2024-02-2219:35:55

Google

osv.dev

basercms

cross-site scripting

content management

vulnerability

update

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

There is a XSS Vulnerability in Content Management Feature to baserCMS.

Target

baserCMS 5.0.8 and earlier versions

Vulnerability

Malicious code may be executed in Content Management Feature.

Countermeasures

Update to the latest version of baserCMS

Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_73283159

References

basercms.net/security/JVN_73283159

github.com/baserproject/basercms

github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c

github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5

nvd.nist.gov/vuln/detail/CVE-2024-26128