Design/Logic Flaw

2018-11-0509:29:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.

CPENameOperatorVersion
basercmslt4.1.4

CPE	Name	Operator	Version
	basercms	lt	4.1.4

References

sunu11.com/2018/10/31/baserCMS/

basercms.net/release/4_1_4