All the vulnerabilites related to baserCMS Users Community - baserCMS
cve-2021-20683
Vulnerability from cvelistv5
Published
2021-03-26 08:50
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN64869876 | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN64869876/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.5"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN64869876",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN64869876"
},
{
"name": "https://jvn.jp/en/jp/JVN64869876/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20683",
"datePublished": "2021-03-26T08:50:29",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4883
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://basercms.net/security/JVN92765814 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN92765814/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/93217 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4883",
"datePublished": "2017-05-12T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0573
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN67881316 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN67881316/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0573",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4876
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN92765814/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/93217 | vdb-entry, x_refsource_BID | |
| http://basercms.net/security/JVN92765814 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://basercms.net/security/JVN92765814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
},
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "MISC",
"url": "http://basercms.net/security/JVN92765814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4876",
"datePublished": "2017-05-12T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0570
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN67881316 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN67881316/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0570",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0575
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN67881316 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN67881316/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0575",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20682
Vulnerability from cvelistv5
Published
2021-03-26 08:50
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN64869876 | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN64869876/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.5"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN64869876",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN64869876"
},
{
"name": "https://jvn.jp/en/jp/JVN64869876/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20682",
"datePublished": "2021-03-26T08:50:28",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42486
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:40.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://basercms.net/security/JVN_53682526"
},
{
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-42486",
"datePublished": "2022-12-07T00:00:00",
"dateReserved": "2022-10-22T00:00:00",
"dateUpdated": "2024-08-03T13:10:40.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4882
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://basercms.net/security/JVN92765814 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN92765814/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/93217 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4882",
"datePublished": "2017-05-12T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0569
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN67881316 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN67881316/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0569",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20681
Vulnerability from cvelistv5
Published
2021-03-26 08:50
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN64869876 | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN64869876/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:27",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.5"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN64869876",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN64869876"
},
{
"name": "https://jvn.jp/en/jp/JVN64869876/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20681",
"datePublished": "2021-03-26T08:50:27",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4878
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://basercms.net/security/JVN92765814 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN92765814/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/93217 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4878",
"datePublished": "2017-05-12T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:38.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10842
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN78151490 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN78151490/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "3.0.14 and earlier"
},
{
"status": "affected",
"version": "4.0.5 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "3.0.14 and earlier"
},
{
"version_value": "4.0.5 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN78151490",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10842",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10843
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN78151490 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN78151490/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "3.0.14 and earlier"
},
{
"status": "affected",
"version": "4.0.5 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the \"File\" field is being used in the mail form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "3.0.14 and earlier"
},
{
"version_value": "4.0.5 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the \"File\" field is being used in the mail form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN78151490",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10843",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0571
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN67881316 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN67881316/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0571",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0572
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN67881316 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN67881316/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0572",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41994
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://basercms.net/security/JVN_53682526"
},
{
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-41994",
"datePublished": "2022-12-07T00:00:00",
"dateReserved": "2022-10-22T00:00:00",
"dateUpdated": "2024-08-03T12:56:39.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0574
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://basercms.net/security/JVN67881316 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN67881316/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0574",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2016-000182
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Mail vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4886 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4886 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000182.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000182.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000182",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4886",
"@id": "CVE-2016-4886",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4886",
"@id": "CVE-2016-4886",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Mail vulnerable to cross-site request forgery"
}
jvndb-2016-000174
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Mail vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4879 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4879 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000174.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000174.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000174",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4879",
"@id": "CVE-2016-4879",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4879",
"@id": "CVE-2016-4879",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Mail vulnerable to cross-site request forgery"
}
jvndb-2011-000066
Vulnerability from jvndb
Published
2011-09-30 18:45
Modified
2011-09-30 18:45
Summary
BaserCMS vulnerable to access restriction
Details
BaserCMS contains a vulnerability in access restriction.
BaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000066.html",
"dc:date": "2011-09-30T18:45+09:00",
"dcterms:issued": "2011-09-30T18:45+09:00",
"dcterms:modified": "2011-09-30T18:45+09:00",
"description": "BaserCMS contains a vulnerability in access restriction.\r\n\r\nBaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a vulnerability in access restriction where adding a user in the user group \"operators\" which is created by default when BaserCMS is installed.\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000066.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000066",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16617002/index.html",
"@id": "JVN#16617002",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2674",
"@id": "CVE-2011-2674",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2674",
"@id": "CVE-2011-2674",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "BaserCMS vulnerable to access restriction"
}
jvndb-2016-000030
Vulnerability from jvndb
Published
2016-02-19 14:39
Modified
2016-03-07 15:51
Severity ?
Summary
baserCMS vulnerable to OS command injection
Details
baserCMS is an open-source Contents Management System (CMS). baserCMS contains an OS command injection vulnerability (CWE-78).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000030.html",
"dc:date": "2016-03-07T15:51+09:00",
"dcterms:issued": "2016-02-19T14:39+09:00",
"dcterms:modified": "2016-03-07T15:51+09:00",
"description": "baserCMS is an open-source Contents Management System (CMS). baserCMS contains an OS command injection vulnerability (CWE-78).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000030.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000030",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN69854312/index.html",
"@id": "JVN#69854312",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7769",
"@id": "CVE-2015-7769",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7769",
"@id": "CVE-2015-7769",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "baserCMS vulnerable to OS command injection"
}
jvndb-2018-000055
Vulnerability from jvndb
Published
2018-05-22 14:53
Modified
2019-12-27 18:10
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below.
*Command injection (CWE-94) - CVE-2018-0569
*Cross-site scripting (CWE-79) - CVE-2018-0570
*Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571
*Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572
*Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573
*Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574
*Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575
Following researchers reported respective vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning partnership.
CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573
Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
CVE-2018-0574 and CVE-2018-0575
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
"dc:date": "2019-12-27T18:10+09:00",
"dcterms:issued": "2018-05-22T14:53+09:00",
"dcterms:modified": "2019-12-27T18:10+09:00",
"description": "baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. \r\n\r\n*Command injection (CWE-94) - CVE-2018-0569 \r\n*Cross-site scripting (CWE-79) - CVE-2018-0570 \r\n*Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571 \r\n*Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572 \r\n*Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573 \r\n*Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574 \r\n*Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575 \r\n\r\nFollowing researchers reported respective vulnerabilities to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning partnership.\r\n\r\n CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573\r\n Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n\r\n CVE-2018-0574 and CVE-2018-0575\r\n Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000055",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67881316/index.html",
"@id": "JVN#67881316",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0569",
"@id": "CVE-2018-0569",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0570",
"@id": "CVE-2018-0570",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0571",
"@id": "CVE-2018-0571",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0572",
"@id": "CVE-2018-0572",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0573",
"@id": "CVE-2018-0573",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0574",
"@id": "CVE-2018-0574",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0575",
"@id": "CVE-2018-0575",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569",
"@id": "CVE-2018-0569",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0570",
"@id": "CVE-2018-0570",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0571",
"@id": "CVE-2018-0571",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0572",
"@id": "CVE-2018-0572",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0573",
"@id": "CVE-2018-0573",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0574",
"@id": "CVE-2018-0574",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0575",
"@id": "CVE-2018-0575",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2016-000181
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Feed vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Feed contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4885 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4885 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000181.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Feed contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000181.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000181",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4885",
"@id": "CVE-2016-4885",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4885",
"@id": "CVE-2016-4885",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Feed vulnerable to cross-site request forgery"
}
jvndb-2022-000094
Vulnerability from jvndb
Published
2022-11-25 13:42
Modified
2024-05-31 18:17
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below.
* Stored cross-site scripting vulnerability in User management (CWE-79) - CVE-2022-39325
* Stored cross-site scripting vulnerability in Permission Settings (CWE-79) - CVE-2022-41994
* Stored cross-site scripting vulnerability in User group management (CWE-79) - CVE-2022-42486
CVE-2022-39325
YUYA KOTAKE of CARTA HOLDINGS, INC. and Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-41994, CVE-2022-42486
Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000094.html",
"dc:date": "2024-05-31T18:17+09:00",
"dcterms:issued": "2022-11-25T13:42+09:00",
"dcterms:modified": "2024-05-31T18:17+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability in User management (CWE-79) - CVE-2022-39325\r\n * Stored cross-site scripting vulnerability in Permission Settings (CWE-79) - CVE-2022-41994\r\n * Stored cross-site scripting vulnerability in User group management (CWE-79) - CVE-2022-42486\r\n\r\nCVE-2022-39325\r\nYUYA KOTAKE of CARTA HOLDINGS, INC. and Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-41994, CVE-2022-42486\r\nShogo Iyota of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000094.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000094",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN53682526/index.html",
"@id": "JVN#53682526",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-39325",
"@id": "CVE-2022-39325",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41994",
"@id": "CVE-2022-41994",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-42486",
"@id": "CVE-2022-42486",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325",
"@id": "CVE-2022-39325",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41994",
"@id": "CVE-2022-41994",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-42486",
"@id": "CVE-2022-42486",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in baserCMS"
}
jvndb-2023-000028
Vulnerability from jvndb
Published
2023-03-27 13:39
Modified
2024-06-06 17:31
Severity ?
Summary
baserCMS vulnerable to arbitrary file uploads
Details
baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434).
Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000028.html",
"dc:date": "2024-06-06T17:31+09:00",
"dcterms:issued": "2023-03-27T13:39+09:00",
"dcterms:modified": "2024-06-06T17:31+09:00",
"description": "baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434).\r\n\r\nTaisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000028.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000028",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN61105618/index.html",
"@id": "JVN#61105618",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25655",
"@id": "CVE-2023-25655",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25655",
"@id": "CVE-2023-25655",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "baserCMS vulnerable to arbitrary file uploads"
}
jvndb-2011-000065
Vulnerability from jvndb
Published
2011-09-30 18:39
Modified
2011-09-30 18:39
Summary
BaserCMS vulnerable to cross-site scripting
Details
BaserCMS contains a cross-site scripting vulnerability.
BaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a cross-site scripting vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000065.html",
"dc:date": "2011-09-30T18:39+09:00",
"dcterms:issued": "2011-09-30T18:39+09:00",
"dcterms:modified": "2011-09-30T18:39+09:00",
"description": "BaserCMS contains a cross-site scripting vulnerability.\r\n\r\nBaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a cross-site scripting vulnerability.\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000065.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000065",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN09789751/index.html",
"@id": "JVN#09789751",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2673",
"@id": "CVE-2011-2673",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2673",
"@id": "CVE-2011-2673",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "BaserCMS vulnerable to cross-site scripting"
}
jvndb-2017-000203
Vulnerability from jvndb
Published
2017-08-25 14:50
Modified
2018-02-28 11:45
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* SQL injection (CWE-89) - CVE-2017-10842
* Arbitary files may be deleted - CVE-2017-10843
* Arbitary PHP code execution - CVE-2017-10844
Shoji Baba reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000203.html",
"dc:date": "2018-02-28T11:45+09:00",
"dcterms:issued": "2017-08-25T14:50+09:00",
"dcterms:modified": "2018-02-28T11:45+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. \r\n\r\n * SQL injection (CWE-89) - CVE-2017-10842\r\n * Arbitary files may be deleted - CVE-2017-10843\r\n * Arbitary PHP code execution - CVE-2017-10844\r\n\r\nShoji Baba reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000203.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000203",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN78151490/index.html",
"@id": "JVN#78151490",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10842",
"@id": "CVE-2017-10842",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10843",
"@id": "CVE-2017-10843",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10844",
"@id": "CVE-2017-10844",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10842",
"@id": "CVE-2017-10842",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10843",
"@id": "CVE-2017-10843",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10844",
"@id": "CVE-2017-10844",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2016-000178
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4882 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4882 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000178.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000178.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000178",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4882",
"@id": "CVE-2016-4882",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4882",
"@id": "CVE-2016-4882",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS vulnerable to cross-site request forgery"
}
jvndb-2024-000022
Vulnerability from jvndb
Published
2024-02-27 14:25
Modified
2024-02-27 14:25
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
<ul>
<li>Reflected cross-site scripting vulnerability in Site search Feature (CWE-79) - CVE-2023-44379</li>
<li>Stored cross-site scripting vulnerability in Content Management (CWE-79) - CVE-2024-26128</li>
<li>OS command injection vulnerability (CWE-78) - CVE-2023-51450</li>
</ul>
CVE-2023-44379
Yusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. (Not affiliated at the time of report submission) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-26128
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-51450
Shunsuke Tanizaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN73283159/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-44379 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-26128 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-51450 | |
| OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000022.html",
"dc:date": "2024-02-27T14:25+09:00",
"dcterms:issued": "2024-02-27T14:25+09:00",
"dcterms:modified": "2024-02-27T14:25+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eReflected cross-site scripting vulnerability in Site search Feature (CWE-79) - CVE-2023-44379\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in Content Management (CWE-79) - CVE-2024-26128\u003c/li\u003e\r\n\u003cli\u003eOS command injection vulnerability (CWE-78) - CVE-2023-51450\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nCVE-2023-44379\r\nYusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. (Not affiliated at the time of report submission) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-26128\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-51450\r\nShunsuke Tanizaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000022.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73283159/index.html",
"@id": "JVN#73283159",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-44379",
"@id": "CVE-2023-44379",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-26128",
"@id": "CVE-2024-26128",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-51450",
"@id": "CVE-2023-51450",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2024-000114
Vulnerability from jvndb
Published
2024-10-25 15:07
Modified
2024-10-25 15:07
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.<ul><li>Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit (CWE-79) - CVE-2024-46996</li><li>Stored cross-site scripting vulnerability on Edit Email Form Settings (CWE-79) - CVE-2024-46998</li><li>Reflected cross-site scripting vulnerability due to inadequate error page generation process (CWE-81) - CVE-2024-46995</li><li>Stored cross-site scripting vulnerability due to inappropriate input data handling on Article Edit and Content List (CWE-79) - CVE-2024-46994</li></ul>CVE-2024-46996
Ayato Shitomi of Fore-Z co.ltd and Rikuto Tauchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46998
Ayato Shitomi of Fore-Z co.ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46995
Yusuke Uchida reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46994
Kyohei Ota of LEON TECHNOLOGY,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS | |
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000114.html",
"dc:date": "2024-10-25T15:07+09:00",
"dcterms:issued": "2024-10-25T15:07+09:00",
"dcterms:modified": "2024-10-25T15:07+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit (CWE-79) - CVE-2024-46996\u003c/li\u003e\u003cli\u003eStored cross-site scripting vulnerability on Edit Email Form Settings (CWE-79) - CVE-2024-46998\u003c/li\u003e\u003cli\u003eReflected cross-site scripting vulnerability due to inadequate error page generation process (CWE-81) - CVE-2024-46995\u003c/li\u003e\u003cli\u003eStored cross-site scripting vulnerability due to inappropriate input data handling on Article Edit and Content List (CWE-79) - CVE-2024-46994\u003c/li\u003e\u003c/ul\u003eCVE-2024-46996\r\nAyato Shitomi of Fore-Z co.ltd and Rikuto Tauchi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46998\r\nAyato Shitomi of Fore-Z co.ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46995\r\nYusuke Uchida reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46994\r\nKyohei Ota of LEON TECHNOLOGY,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000114.html",
"sec:cpe": [
{
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
{
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000114",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN00876083/index.html",
"@id": "JVN#00876083",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46996",
"@id": "CVE-2024-46996",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46998",
"@id": "CVE-2024-46998",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46995",
"@id": "CVE-2024-46995",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46994",
"@id": "CVE-2024-46994",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2016-000177
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4878 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4878 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000177.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000177.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000177",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4878",
"@id": "CVE-2016-4878",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4878",
"@id": "CVE-2016-4878",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS vulnerable to cross-site request forgery"
}
jvndb-2016-000183
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Uploader vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Uploader contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4887 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4887 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000183.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Uploader contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000183.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000183",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4887",
"@id": "CVE-2016-4887",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4887",
"@id": "CVE-2016-4887",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Uploader vulnerable to cross-site request forgery"
}
jvndb-2021-000080
Vulnerability from jvndb
Published
2021-08-27 13:29
Modified
2021-08-27 13:29
Severity ?
Summary
baserCMS vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability (CWE-79).
Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN14134801/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39136 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-39136 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000080.html",
"dc:date": "2021-08-27T13:29+09:00",
"dcterms:issued": "2021-08-27T13:29+09:00",
"dcterms:modified": "2021-08-27T13:29+09:00",
"description": "baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nAkagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000080.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000080",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14134801/index.html",
"@id": "JVN#14134801",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39136",
"@id": "CVE-2021-39136",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-39136",
"@id": "CVE-2021-39136",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS vulnerable to cross-site scripting"
}
jvndb-2016-000180
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Blog vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4884 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4884 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000180.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000180.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000180",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4884",
"@id": "CVE-2016-4884",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4884",
"@id": "CVE-2016-4884",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Blog vulnerable to cross-site request forgery"
}
jvndb-2023-000106
Vulnerability from jvndb
Published
2023-10-27 14:46
Modified
2024-05-07 15:59
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.<ul><li>Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009</li><li>Reflected cross-site scripting vulnerability (CWE-79) - CVE-2023-43647</li><li>Directory traversal vulnerability (CWE-22) - CVE-2023-43648</li><li>Cross-site request forgery vulnerability (CWE-352) - CVE-2023-43649</li><li>Arbitrary file upload vulnerability (CWE-434) - CVE-2023-43792</li></ul>
CVE-2023-29009
Kyohei Ota reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-43647, CVE-2023-43648, CVE-2023-43649, CVE-2023-43792
Shiga Takuma of BroadBand Security, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000106.html",
"dc:date": "2024-05-07T15:59+09:00",
"dcterms:issued": "2023-10-27T14:46+09:00",
"dcterms:modified": "2024-05-07T15:59+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009\u003c/li\u003e\u003cli\u003eReflected cross-site scripting vulnerability (CWE-79) - CVE-2023-43647\u003c/li\u003e\u003cli\u003eDirectory traversal vulnerability (CWE-22) - CVE-2023-43648\u003c/li\u003e\u003cli\u003eCross-site request forgery vulnerability (CWE-352) - CVE-2023-43649\u003c/li\u003e\u003cli\u003eArbitrary file upload vulnerability (CWE-434) - CVE-2023-43792\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2023-29009\r\nKyohei Ota reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-43647, CVE-2023-43648, CVE-2023-43649, CVE-2023-43792\r\nShiga Takuma of BroadBand Security, Inc reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000106.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000106",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45547161/index.html",
"@id": "JVN#45547161",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-29009",
"@id": "CVE-2023-29009",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43647",
"@id": "CVE-2023-43647",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43648",
"@id": "CVE-2023-43648",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43649",
"@id": "CVE-2023-43649",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43792",
"@id": "CVE-2023-43792",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-29009",
"@id": "CVE-2023-29009",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43647",
"@id": "CVE-2023-43647",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43648",
"@id": "CVE-2023-43648",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43649",
"@id": "CVE-2023-43649",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43792",
"@id": "CVE-2023-43792",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2012-000043
Vulnerability from jvndb
Published
2012-05-15 16:56
Modified
2012-05-15 16:56
Summary
baserCMS vulnerable to session management
Details
baserCMS contains a vulnerability in session management.
baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability in session management.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000043.html",
"dc:date": "2012-05-15T16:56+09:00",
"dcterms:issued": "2012-05-15T16:56+09:00",
"dcterms:modified": "2012-05-15T16:56+09:00",
"description": "baserCMS contains a vulnerability in session management.\r\n\r\nbaserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability in session management.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000043.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN53465692/index.html",
"@id": "JVN#53465692",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1248",
"@id": "CVE-2012-1248",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1248",
"@id": "CVE-2012-1248",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "baserCMS vulnerable to session management"
}
jvndb-2016-000176
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Blog vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4881 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4881 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000176.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000176.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000176",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4881",
"@id": "CVE-2016-4881",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4881",
"@id": "CVE-2016-4881",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Blog vulnerable to cross-site request forgery"
}
jvndb-2016-000172
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:36
Severity ?
Summary
baserCMS vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4876 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4876 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000172.html",
"dc:date": "2017-11-27T16:36+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:36+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000172.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000172",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4876",
"@id": "CVE-2016-4876",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4876",
"@id": "CVE-2016-4876",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS vulnerable to cross-site request forgery"
}
jvndb-2015-000138
Vulnerability from jvndb
Published
2015-09-30 14:46
Modified
2015-10-07 17:38
Summary
baserCMS fails to restrict access permissions
Details
baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000138.html",
"dc:date": "2015-10-07T17:38+09:00",
"dcterms:issued": "2015-09-30T14:46+09:00",
"dcterms:modified": "2015-10-07T17:38+09:00",
"description": "baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000138.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000138",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN04855224/index.html",
"@id": "JVN#04855224",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5640",
"@id": "CVE-2015-5640",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5640",
"@id": "CVE-2015-5640",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "baserCMS fails to restrict access permissions"
}
jvndb-2016-000175
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Blog vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a stored cross-site scripting vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4880 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4880 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000175.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a stored cross-site scripting vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000175.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000175",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4880",
"@id": "CVE-2016-4880",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4880",
"@id": "CVE-2016-4880",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS plugin Blog vulnerable to cross-site scripting"
}
jvndb-2016-000179
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a stored cross-site scripting vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4883 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4883 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000179.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a stored cross-site scripting vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000179.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000179",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4883",
"@id": "CVE-2016-4883",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4883",
"@id": "CVE-2016-4883",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS vulnerable to cross-site scripting"
}
jvndb-2015-000139
Vulnerability from jvndb
Published
2015-09-30 14:46
Modified
2015-10-07 17:38
Summary
baserCMS vulnerable to SQL injection
Details
baserCMS contains an SQL injection vulnerability.
baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements (CWE-89).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000139.html",
"dc:date": "2015-10-07T17:38+09:00",
"dcterms:issued": "2015-09-30T14:46+09:00",
"dcterms:modified": "2015-10-07T17:38+09:00",
"description": "baserCMS contains an SQL injection vulnerability.\r\nbaserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements (CWE-89).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000139.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000139",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN79633796/index.html",
"@id": "JVN#79633796",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5641",
"@id": "CVE-2015-5641",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5641",
"@id": "CVE-2015-5641",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "baserCMS vulnerable to SQL injection"
}
jvndb-2021-000106
Vulnerability from jvndb
Published
2021-11-26 14:59
Modified
2021-11-26 14:59
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* OS command injection (CWE-78) - CVE-2021-41243
* Arbitrary code upload vulnerability in Database restore (CWE-434) - CVE-2021-41279
CVE-2021-41243
Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-41279
Daniele Scanu of SoterITSecurity reported this vulnerability to baserCMS Users Community and baserCMS Users Community reported it to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000106.html",
"dc:date": "2021-11-26T14:59+09:00",
"dcterms:issued": "2021-11-26T14:59+09:00",
"dcterms:modified": "2021-11-26T14:59+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n* OS command injection (CWE-78) - CVE-2021-41243\r\n* Arbitrary code upload vulnerability in Database restore (CWE-434) - CVE-2021-41279\r\n\r\nCVE-2021-41243\r\nAkagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-41279\r\nDaniele Scanu of SoterITSecurity reported this vulnerability to baserCMS Users Community and baserCMS Users Community reported it to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000106.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000106",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN81376414/index.html",
"@id": "JVN#81376414",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41243",
"@id": "CVE-2021-41243",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41279",
"@id": "CVE-2021-41279",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-41243",
"@id": "CVE-2021-41243",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-41279",
"@id": "CVE-2021-41279",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2016-000173
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Mail vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN92765814/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4877 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4877 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000173.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000173.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000173",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4877",
"@id": "CVE-2016-4877",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4877",
"@id": "CVE-2016-4877",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS plugin Mail vulnerable to cross-site scripting"
}
jvndb-2021-000027
Vulnerability from jvndb
Published
2021-03-26 14:25
Modified
2021-03-26 14:25
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
*Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681
*OS command injection (CWE-78) - CVE-2021-20682
*Improper Neutralization of JavaScript input in the blog article editing function (CWE-79) - CVE-2021-20683
CVE-2021-20681, CVE-2021-20682
Sho Odagiri of Information Science College reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20683
Yamaguchi Kakeru reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| baserCMS Users Community | baserCMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000027.html",
"dc:date": "2021-03-26T14:25+09:00",
"dcterms:issued": "2021-03-26T14:25+09:00",
"dcterms:modified": "2021-03-26T14:25+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n*Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681\r\n*OS command injection (CWE-78) - CVE-2021-20682\r\n*Improper Neutralization of JavaScript input in the blog article editing function (CWE-79) - CVE-2021-20683\r\n\r\nCVE-2021-20681, CVE-2021-20682\r\nSho Odagiri of Information Science College reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20683\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000027.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000027",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN64869876/index.html",
"@id": "JVN#64869876",
"@source": "JVN"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20681",
"@id": "CVE-2021-20681",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20682",
"@id": "CVE-2021-20682",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20683",
"@id": "CVE-2021-20683",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681",
"@id": "CVE-2021-20681",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682",
"@id": "CVE-2021-20682",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683",
"@id": "CVE-2021-20683",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}