Lucene search

Veracode Vulnerability DatabaseVERACODE:45608

HistoryFeb 23, 2024 - 5:25 a.m.

Cross Site Scripting (XSS)

2024-02-2305:25:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

basercms

content management

view/helper/bcadminformhelper.php

javascript injection

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

baserproject/basercms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitation with the content management feature in View/Helper/BcAdminFormHelper.php, which allows an attacker to inject and execute arbitrary JavaScript in the browser.

CPENameOperatorVersion
baserproject/basercmsle5.0.8
baserproject/basercmsle5.0.8

CPE	Name	Operator	Version
	baserproject/basercms	le	5.0.8
	baserproject/basercms	le	5.0.8

References

basercms.net/security/JVN_73283159

github.com/advisories/GHSA-jjxq-m8h3-4vw5

github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c

github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5