752 matches found

RedhatCVE
added 2025/05/22 7:8 p.m. | 5 views

CVE-2021-20681

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS 5.4 | AI score 6.5 | EPSS 0.00731
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:8 p.m. | 9 views

CVE-2021-20683

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS 5.4 | AI score 6.5 | EPSS 0.00731
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 6:17 p.m. | 7 views

CVE-2021-20682

baserCMS versions prior to 4.4.5 allow a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors...

CVSS 9 | AI score 7.8 | EPSS 0.02475
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:9 a.m. | 5 views

CVE-2011-2673

Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.01549
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:54 a.m. | 9 views

CVE-2011-2674

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors...

CVSS 4.9 | AI score 6.9 | EPSS 0.01344
Exploits 0 | References 1

RedhatCVE
added 2025/02/06 3:59 a.m. | 9 views

CVE-2021-39136

baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are...

CVSS 8.7 | AI score 6 | EPSS 0.00929
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 2:56 p.m. | 11 views

CVE-2020-15155

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7...

CVSS 7.3 | AI score 5.9 | EPSS 0.01285
Exploits 0 | References 5

RedhatCVE
added 2025/02/05 2:55 p.m. | 6 views

CVE-2020-15276

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...

CVSS 8.7 | AI score 6.4 | EPSS 0.0099
Exploits 0

RedhatCVE
added 2025/02/05 2:52 p.m. | 8 views

CVE-2020-15273

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can...

CVSS 8.1 | AI score 6.4 | EPSS 0.01016
Exploits 0

RedhatCVE
added 2025/02/05 2:51 p.m. | 9 views

CVE-2020-15277

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1...

CVSS 7.2 | AI score 7.2 | EPSS 0.02215
Exploits 0

RedhatCVE
added 2025/02/05 2:48 p.m. | 10 views

CVE-2020-15154

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js...

CVSS 7.3 | AI score 5.9 | EPSS 0.01011
Exploits 0

RedhatCVE
added 2025/02/05 1:8 a.m. | 9 views

CVE-2024-46998

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue...

CVSS 7.1 | AI score 6.1 | EPSS 0.00328
Exploits 0

Veracode
added 2024/11/07 6:18 a.m. | 8 views

Cross-site Scripting (XSS)

baserCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation in the blog post feature, allowing user-generated content to include malicious scripts...

CVSS 6.3 | AI score 6.3 | EPSS 0.00303
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2024/10/30 5:27 a.m. | 9 views

Cross-site Scripting (XSS)

baserCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input handling in HTTP 400 Bad Request responses, allowing for potential XSS attacks...

CVSS 6.1 | AI score 5.7 | EPSS 0.00286
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2024/10/30 4:47 a.m. | 11 views

Cross-site Scripting (XSS)

baserCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input handling in the Edit Email Form Settings feature, allowing for potential XSS attacks...

CVSS 7.1 | AI score 5.6 | EPSS 0.00328
Exploits 0 | References 5 | Affected Software 1

Japan Vulnerability Notes
added 2024/10/25 12:0 a.m. | 38 views

JVN#00876083: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit (CWE-79), CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, Base Score 5.4, CVE-2024-46996. Stored cross-site scripting...

CVSS 7.1 | AI score 6.3 | EPSS 0.00328
Exploits 0

Snyk
added 2024/10/24 7:41 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Edit Email Form Settings feature. An attacker can manipulate the web page content or hijack user sessions. Details: Cross-site...

CVSS 7.1 | AI score 5.3 | EPSS 0.00328
Exploits 0 | References 2

NVD
added 2024/10/24 7:15 p.m. | 15 views

CVE-2024-46995

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

CVSS 6.1 | EPSS 0.00286
Exploits 0 | References 2

NVD
added 2024/10/24 7:15 p.m. | 12 views

CVE-2024-46998

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue...

CVSS 7.1 | EPSS 0.00328
Exploits 0 | References 2

NVD
added 2024/10/24 7:15 p.m. | 13 views

CVE-2024-46996

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...

CVSS 6.3 | EPSS 0.00303
Exploits 0 | References 2