48 vulnerabilities found for basercms by baserproject
CVE-2024-46998 (GCVE-0-2024-46998)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:52 – Updated: 2024-10-24 20:01
Title
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:01:19.157961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T20:01:26.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:52:08.244Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x"
},
{
"name": "https://basercms.net/security/JVN_98693329",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_98693329"
}
],
"source": {
"advisory": "GHSA-p3m2-mj3j-j49x",
"discovery": "UNKNOWN"
},
"title": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46998",
"datePublished": "2024-10-24T18:52:08.244Z",
"dateReserved": "2024-09-16T16:10:09.021Z",
"dateUpdated": "2024-10-24T20:01:26.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46996 (GCVE-0-2024-46996)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:35 – Updated: 2024-10-24 19:22
Title
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:22:34.768401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:22:51.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:35:21.088Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg"
},
{
"name": "https://basercms.net/security/JVN_00876083",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_00876083"
}
],
"source": {
"advisory": "GHSA-66jv-qrm3-vvfg",
"discovery": "UNKNOWN"
},
"title": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46996",
"datePublished": "2024-10-24T18:35:21.088Z",
"dateReserved": "2024-09-16T16:10:09.021Z",
"dateUpdated": "2024-10-24T19:22:51.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46995 (GCVE-0-2024-46995)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:31 – Updated: 2024-10-24 19:23
Title
baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:23:15.416390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:23:24.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:31:12.796Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv"
},
{
"name": "https://basercms.net/security/JVN_06274755",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_06274755"
}
],
"source": {
"advisory": "GHSA-mr7q-fv7j-jcgv",
"discovery": "UNKNOWN"
},
"title": "baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46995",
"datePublished": "2024-10-24T18:31:12.796Z",
"dateReserved": "2024-09-16T16:10:09.020Z",
"dateUpdated": "2024-10-24T19:23:24.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46994 (GCVE-0-2024-46994)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:22 – Updated: 2024-10-24 19:23
Title
baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:23:44.404037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:23:55.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:27:01.650Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr"
},
{
"name": "https://basercms.net/security/JVN_00876083",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_00876083"
}
],
"source": {
"advisory": "GHSA-wrjc-fmfq-w3jr",
"discovery": "UNKNOWN"
},
"title": "baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46994",
"datePublished": "2024-10-24T18:22:25.924Z",
"dateReserved": "2024-09-16T16:10:09.020Z",
"dateUpdated": "2024-10-24T19:23:55.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26128 (GCVE-0-2024-26128)
Vulnerability from cvelistv5 – Published: 2024-02-22 18:32 – Updated: 2024-08-01 23:59
Title
baserCMS Cross-site Scripting vulnerability in Content Management
Summary
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T15:20:28.991506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T18:18:41.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T18:32:43.866Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"source": {
"advisory": "GHSA-jjxq-m8h3-4vw5",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in Content Management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-26128",
"datePublished": "2024-02-22T18:32:43.866Z",
"dateReserved": "2024-02-14T17:40:03.687Z",
"dateUpdated": "2024-08-01T23:59:32.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51450 (GCVE-0-2023-51450)
Vulnerability from cvelistv5 – Published: 2024-02-22 14:50 – Updated: 2024-08-02 22:32
Title
baserCMS OS command injection vulnerability in Installer
Summary
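baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability. (Note: the record's title places this issue in the Installer, while this description names the site search feature; the linked advisory GHSA-77fc-4cv5-hmfr is the reference for which component is affected.)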
Severity ?
5.6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:32:12.187899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:55.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_09767360",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_09767360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:50:51.098Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_09767360",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_09767360"
}
],
"source": {
"advisory": "GHSA-77fc-4cv5-hmfr",
"discovery": "UNKNOWN"
},
"title": "baserCMS OS command injection vulnerability in Installer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51450",
"datePublished": "2024-02-22T14:50:51.098Z",
"dateReserved": "2023-12-19T15:19:39.615Z",
"dateUpdated": "2024-08-02T22:32:10.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44379 (GCVE-0-2023-44379)
Vulnerability from cvelistv5 – Published: 2024-02-22 14:47 – Updated: 2025-04-22 16:19
Title
baserCMS Cross-site Scripting vulnerability in Site search Feature
Summary
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:39:22.092743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:19:39.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"
},
{
"name": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:47:14.333Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"
},
{
"name": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"source": {
"advisory": "GHSA-66c2-p8rh-qx87",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in Site search Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44379",
"datePublished": "2024-02-22T14:47:14.333Z",
"dateReserved": "2023-09-28T17:56:32.612Z",
"dateUpdated": "2025-04-22T16:19:39.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43792 (GCVE-0-2023-43792)
Vulnerability from cvelistv5 – Published: 2023-10-30 20:00 – Updated: 2024-09-05 20:20
Title
baserCMS Code Injection Vulnerability in Mail Form Feature
Summary
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.
Severity ?
5.3 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: >= 4.6.0, <= 4.7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_45547161"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:20:30.681578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:20:41.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.6.0, \u003c= 4.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T20:00:14.664Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_45547161"
}
],
"source": {
"advisory": "GHSA-vrm6-c878-fpq6",
"discovery": "UNKNOWN"
},
"title": "baserCMS Code Injection Vulnerability in Mail Form Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43792",
"datePublished": "2023-10-30T20:00:14.664Z",
"dateReserved": "2023-09-22T14:51:42.339Z",
"dateUpdated": "2024-09-05T20:20:41.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43649 (GCVE-0-2023-43649)
Vulnerability from cvelistv5 – Published: 2023-10-30 18:29 – Updated: 2024-09-05 20:21
Title
baserCMS CSRF vulnerability in Content preview Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
4.7 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"
},
{
"name": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"
},
{
"name": "https://basercms.net/security/JVN_99052047",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_99052047"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:21:18.415867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:21:29.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:29:26.783Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"
},
{
"name": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"
},
{
"name": "https://basercms.net/security/JVN_99052047",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_99052047"
}
],
"source": {
"advisory": "GHSA-fw9x-cqjq-7jx5",
"discovery": "UNKNOWN"
},
"title": "baserCMS CSRF vulnerability in Content preview Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43649",
"datePublished": "2023-10-30T18:29:26.783Z",
"dateReserved": "2023-09-20T15:35:38.147Z",
"dateUpdated": "2024-09-05T20:21:29.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43648 (GCVE-0-2023-43648)
Vulnerability from cvelistv5 – Published: 2023-10-30 18:24 – Updated: 2024-09-05 20:22
Title
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
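| URL | Tags |
|---|---|
| https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55 | x_refsource_CONFIRM |
| https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b | x_refsource_MISC |
| https://basercms.net/security/JVN_81174674 | x_refsource_MISC |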
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:44.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"
},
{
"name": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"
},
{
"name": "https://basercms.net/security/JVN_81174674",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_81174674"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:22:00.718382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:22:13.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:24:24.733Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"
},
{
"name": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"
},
{
"name": "https://basercms.net/security/JVN_81174674",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_81174674"
}
],
"source": {
"advisory": "GHSA-hmqj-gv2m-hq55",
"discovery": "UNKNOWN"
},
"title": "baserCMS Directory Traversal vulnerability in Form submission data management Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43648",
"datePublished": "2023-10-30T18:24:24.733Z",
"dateReserved": "2023-09-20T15:35:38.147Z",
"dateUpdated": "2024-09-05T20:22:13.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43647 (GCVE-0-2023-43647)
Vulnerability from cvelistv5 – Published: 2023-10-30 18:18 – Updated: 2024-09-06 20:13
Title
baserCMS Cross-site Scripting vulnerability in File upload Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
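| URL | Tags |
|---|---|
| https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv | x_refsource_CONFIRM |
| https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e | x_refsource_MISC |
| https://basercms.net/security/JVN_24381990 | x_refsource_MISC |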
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"
},
{
"name": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"
},
{
"name": "https://basercms.net/security/JVN_24381990",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_24381990"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:12:52.747465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:13:17.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:18:35.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"
},
{
"name": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"
},
{
"name": "https://basercms.net/security/JVN_24381990",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_24381990"
}
],
"source": {
"advisory": "GHSA-ggj4-78rm-6xgv",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in File upload Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43647",
"datePublished": "2023-10-30T18:18:35.381Z",
"dateReserved": "2023-09-20T15:35:38.146Z",
"dateUpdated": "2024-09-06T20:13:17.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29009 (GCVE-0-2023-29009)
Vulnerability from cvelistv5 – Published: 2023-10-27 19:30 – Updated: 2024-09-09 14:59
Title
basercms XSS Vulnerability via Favorites Feature
Summary
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
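| URL | Tags |
|---|---|
| https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq | x_refsource_CONFIRM |
| https://basercms.net/security/JVN_45547161 | x_refsource_MISC |
| https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0 | x_refsource_MISC |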
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_45547161"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:59:04.595609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:59:18.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T19:30:18.390Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_45547161"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"
}
],
"source": {
"advisory": "GHSA-8vqx-prq4-rqrq",
"discovery": "UNKNOWN"
},
"title": "basercms XSS Vulnerability via Favorites Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29009",
"datePublished": "2023-10-27T19:30:18.390Z",
"dateReserved": "2023-03-29T17:39:16.143Z",
"dateUpdated": "2024-09-09T14:59:18.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25655 (GCVE-0-2023-25655)
Vulnerability from cvelistv5 – Published: 2023-03-23 19:23 – Updated: 2025-02-25 14:50
Title
baserCMS allows any file to be uploaded
Summary
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
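| URL | Tags |
|---|---|
| https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8 | x_refsource_CONFIRM |
| https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100 | x_refsource_MISC |
| https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd | x_refsource_MISC |
| https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5 | x_refsource_MISC |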
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.7.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"
},
{
"name": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"
},
{
"name": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:57.300738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:50:52.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T19:23:58.897Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"
},
{
"name": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"
},
{
"name": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"source": {
"advisory": "GHSA-mfvg-qwcw-qvc8",
"discovery": "UNKNOWN"
},
"title": "baserCMS allows any file to be uploaded"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25655",
"datePublished": "2023-03-23T19:23:58.897Z",
"dateReserved": "2023-02-09T20:58:21.856Z",
"dateUpdated": "2025-02-25T14:50:52.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25654 (GCVE-0-2023-25654)
Vulnerability from cvelistv5 – Published: 2023-03-23 19:22 – Updated: 2025-02-25 14:51
Title
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Summary
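baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. Note: the affected-version field of this record reads "< 4.7.4", which disagrees with this description and with the referenced basercms-4.7.5 release tag; treat 4.7.4 as affected unless the vendor advisory (GHSA-h4cc-fxpp-pgw9) states otherwise.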
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
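| URL | Tags |
|---|---|
| https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9 | x_refsource_CONFIRM |
| https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96 | x_refsource_MISC |
| https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359 | x_refsource_MISC |
| https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0 | x_refsource_MISC |
| https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5 | x_refsource_MISC |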
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.7.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"
},
{
"name": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"
},
{
"name": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"
},
{
"name": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:00.301971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:51:02.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T19:22:30.154Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"
},
{
"name": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"
},
{
"name": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"
},
{
"name": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"source": {
"advisory": "GHSA-h4cc-fxpp-pgw9",
"discovery": "UNKNOWN"
},
"title": "baserCMS File Uploader Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25654",
"datePublished": "2023-03-23T19:22:30.154Z",
"dateReserved": "2023-02-09T20:58:21.856Z",
"dateUpdated": "2025-02-25T14:51:02.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39325 (GCVE-0-2022-39325)
Vulnerability from cvelistv5 – Published: 2022-11-25 00:00 – Updated: 2025-04-23 16:35
Title
Cross-site scripting vulnerability in BaserCMS
Summary
BaserCMS is a content management system with a Japanese language focus. In affected versions (this record lists versions < 4.7.2) there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"
},
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:00.299306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:35:13.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-25T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"
},
{
"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"
},
{
"url": "https://basercms.net/security/JVN_53682526"
}
],
"source": {
"advisory": "GHSA-395x-wv32-44v5",
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting vulnerability in BaserCMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39325",
"datePublished": "2022-11-25T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:35:13.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46998 (GCVE-0-2024-46998)
Vulnerability from nvd – Published: 2024-10-24 18:52 – Updated: 2024-10-24 20:01
Title
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
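| URL | Tags |
|---|---|
| https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x | x_refsource_CONFIRM |
| https://basercms.net/security/JVN_98693329 | x_refsource_MISC |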
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:01:19.157961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T20:01:26.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:52:08.244Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x"
},
{
"name": "https://basercms.net/security/JVN_98693329",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_98693329"
}
],
"source": {
"advisory": "GHSA-p3m2-mj3j-j49x",
"discovery": "UNKNOWN"
},
"title": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46998",
"datePublished": "2024-10-24T18:52:08.244Z",
"dateReserved": "2024-09-16T16:10:09.021Z",
"dateUpdated": "2024-10-24T20:01:26.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46996 (GCVE-0-2024-46996)
Vulnerability from nvd – Published: 2024-10-24 18:35 – Updated: 2024-10-24 19:22
Title
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:22:34.768401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:22:51.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:35:21.088Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg"
},
{
"name": "https://basercms.net/security/JVN_00876083",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_00876083"
}
],
"source": {
"advisory": "GHSA-66jv-qrm3-vvfg",
"discovery": "UNKNOWN"
},
"title": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46996",
"datePublished": "2024-10-24T18:35:21.088Z",
"dateReserved": "2024-09-16T16:10:09.021Z",
"dateUpdated": "2024-10-24T19:22:51.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46995 (GCVE-0-2024-46995)
Vulnerability from nvd – Published: 2024-10-24 18:31 – Updated: 2024-10-24 19:23
Title
baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:23:15.416390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:23:24.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:31:12.796Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv"
},
{
"name": "https://basercms.net/security/JVN_06274755",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_06274755"
}
],
"source": {
"advisory": "GHSA-mr7q-fv7j-jcgv",
"discovery": "UNKNOWN"
},
"title": "baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46995",
"datePublished": "2024-10-24T18:31:12.796Z",
"dateReserved": "2024-09-16T16:10:09.020Z",
"dateUpdated": "2024-10-24T19:23:24.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46994 (GCVE-0-2024-46994)
Vulnerability from nvd – Published: 2024-10-24 18:22 – Updated: 2024-10-24 19:23
Title
baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:23:44.404037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:23:55.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:27:01.650Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr"
},
{
"name": "https://basercms.net/security/JVN_00876083",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_00876083"
}
],
"source": {
"advisory": "GHSA-wrjc-fmfq-w3jr",
"discovery": "UNKNOWN"
},
"title": "baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46994",
"datePublished": "2024-10-24T18:22:25.924Z",
"dateReserved": "2024-09-16T16:10:09.020Z",
"dateUpdated": "2024-10-24T19:23:55.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26128 (GCVE-0-2024-26128)
Vulnerability from nvd – Published: 2024-02-22 18:32 – Updated: 2024-08-01 23:59
Title
baserCMS Cross-site Scripting vulnerability in Content Management
Summary
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T15:20:28.991506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T18:18:41.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T18:32:43.866Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"source": {
"advisory": "GHSA-jjxq-m8h3-4vw5",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in Content Management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-26128",
"datePublished": "2024-02-22T18:32:43.866Z",
"dateReserved": "2024-02-14T17:40:03.687Z",
"dateUpdated": "2024-08-01T23:59:32.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51450 (GCVE-0-2023-51450)
Vulnerability from nvd – Published: 2024-02-22 14:50 – Updated: 2024-08-02 22:32
Title
baserCMS OS command injection vulnerability in Installer
Summary
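baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability. (Note: the title of this record places the flaw in the Installer, while this description places it in the site search feature; the record does not reconcile the two, so confirm the affected component against the linked advisory GHSA-77fc-4cv5-hmfr before scoping remediation or detection.)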
Severity ?
5.6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:32:12.187899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:55.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_09767360",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_09767360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:50:51.098Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_09767360",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_09767360"
}
],
"source": {
"advisory": "GHSA-77fc-4cv5-hmfr",
"discovery": "UNKNOWN"
},
"title": "baserCMS OS command injection vulnerability in Installer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51450",
"datePublished": "2024-02-22T14:50:51.098Z",
"dateReserved": "2023-12-19T15:19:39.615Z",
"dateUpdated": "2024-08-02T22:32:10.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44379 (GCVE-0-2023-44379)
Vulnerability from nvd – Published: 2024-02-22 14:47 – Updated: 2025-04-22 16:19
Title
baserCMS Cross-site Scripting vulnerability in Site search Feature
Summary
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 5.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:39:22.092743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:19:39.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"
},
{
"name": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:47:14.333Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"
},
{
"name": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"source": {
"advisory": "GHSA-66c2-p8rh-qx87",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in Site search Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44379",
"datePublished": "2024-02-22T14:47:14.333Z",
"dateReserved": "2023-09-28T17:56:32.612Z",
"dateUpdated": "2025-04-22T16:19:39.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43792 (GCVE-0-2023-43792)
Vulnerability from nvd – Published: 2023-10-30 20:00 – Updated: 2024-09-05 20:20
Title
baserCMS Code Injection Vulnerability in Mail Form Feature
Summary
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.
Severity ?
5.3 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: >= 4.6.0, <= 4.7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_45547161"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:20:30.681578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:20:41.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.6.0, \u003c= 4.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T20:00:14.664Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_45547161"
}
],
"source": {
"advisory": "GHSA-vrm6-c878-fpq6",
"discovery": "UNKNOWN"
},
"title": "baserCMS Code Injection Vulnerability in Mail Form Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43792",
"datePublished": "2023-10-30T20:00:14.664Z",
"dateReserved": "2023-09-22T14:51:42.339Z",
"dateUpdated": "2024-09-05T20:20:41.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43649 (GCVE-0-2023-43649)
Vulnerability from nvd – Published: 2023-10-30 18:29 – Updated: 2024-09-05 20:21
Title
baserCMS CSRF vulnerability in Content preview Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
4.7 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"
},
{
"name": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"
},
{
"name": "https://basercms.net/security/JVN_99052047",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_99052047"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:21:18.415867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:21:29.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:29:26.783Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"
},
{
"name": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"
},
{
"name": "https://basercms.net/security/JVN_99052047",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_99052047"
}
],
"source": {
"advisory": "GHSA-fw9x-cqjq-7jx5",
"discovery": "UNKNOWN"
},
"title": "baserCMS CSRF vulnerability in Content preview Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43649",
"datePublished": "2023-10-30T18:29:26.783Z",
"dateReserved": "2023-09-20T15:35:38.147Z",
"dateUpdated": "2024-09-05T20:21:29.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43648 (GCVE-0-2023-43648)
Vulnerability from nvd – Published: 2023-10-30 18:24 – Updated: 2024-09-05 20:22
Title
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:44.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"
},
{
"name": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"
},
{
"name": "https://basercms.net/security/JVN_81174674",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_81174674"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:22:00.718382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:22:13.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:24:24.733Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"
},
{
"name": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"
},
{
"name": "https://basercms.net/security/JVN_81174674",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_81174674"
}
],
"source": {
"advisory": "GHSA-hmqj-gv2m-hq55",
"discovery": "UNKNOWN"
},
"title": "baserCMS Directory Traversal vulnerability in Form submission data management Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43648",
"datePublished": "2023-10-30T18:24:24.733Z",
"dateReserved": "2023-09-20T15:35:38.147Z",
"dateUpdated": "2024-09-05T20:22:13.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43647 (GCVE-0-2023-43647)
Vulnerability from nvd – Published: 2023-10-30 18:18 – Updated: 2024-09-06 20:13
Title
baserCMS Cross-site Scripting vulnerability in File upload Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"
},
{
"name": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"
},
{
"name": "https://basercms.net/security/JVN_24381990",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_24381990"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:12:52.747465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:13:17.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:18:35.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"
},
{
"name": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"
},
{
"name": "https://basercms.net/security/JVN_24381990",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_24381990"
}
],
"source": {
"advisory": "GHSA-ggj4-78rm-6xgv",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in File upload Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43647",
"datePublished": "2023-10-30T18:18:35.381Z",
"dateReserved": "2023-09-20T15:35:38.146Z",
"dateUpdated": "2024-09-06T20:13:17.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29009 (GCVE-0-2023-29009)
Vulnerability from nvd – Published: 2023-10-27 19:30 – Updated: 2024-09-09 14:59
Title
basercms XSS Vulnerability via Favorites Feature
Summary
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_45547161"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:59:04.595609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:59:18.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T19:30:18.390Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_45547161"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"
}
],
"source": {
"advisory": "GHSA-8vqx-prq4-rqrq",
"discovery": "UNKNOWN"
},
"title": "basercms XSS Vulnerability via Favorites Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29009",
"datePublished": "2023-10-27T19:30:18.390Z",
"dateReserved": "2023-03-29T17:39:16.143Z",
"dateUpdated": "2024-09-09T14:59:18.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25655 (GCVE-0-2023-25655)
Vulnerability from nvd – Published: 2023-03-23 19:23 – Updated: 2025-02-25 14:50
Title
baserCMS allows any file to be uploaded
Summary
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.7.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"
},
{
"name": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"
},
{
"name": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:57.300738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:50:52.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T19:23:58.897Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"
},
{
"name": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"
},
{
"name": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"source": {
"advisory": "GHSA-mfvg-qwcw-qvc8",
"discovery": "UNKNOWN"
},
"title": "baserCMS allows any file to be uploaded"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25655",
"datePublished": "2023-03-23T19:23:58.897Z",
"dateReserved": "2023-02-09T20:58:21.856Z",
"dateUpdated": "2025-02-25T14:50:52.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25654 (GCVE-0-2023-25654)
Vulnerability from nvd – Published: 2023-03-23 19:22 – Updated: 2025-02-25 14:51
Title
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Summary
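baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. Note: the affected-version field of this record reads "< 4.7.4", which does not match the 4.7.5 fix version stated here and in the referenced release tag; when checking an installation, treat 4.7.4 as affected unless the vendor advisory says otherwise.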
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"
},
{
"name": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"
},
{
"name": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"
},
{
"name": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:00.301971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:51:02.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T19:22:30.154Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"
},
{
"name": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"
},
{
"name": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"
},
{
"name": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"source": {
"advisory": "GHSA-h4cc-fxpp-pgw9",
"discovery": "UNKNOWN"
},
"title": "baserCMS File Uploader Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25654",
"datePublished": "2023-03-23T19:22:30.154Z",
"dateReserved": "2023-02-09T20:58:21.856Z",
"dateUpdated": "2025-02-25T14:51:02.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39325 (GCVE-0-2022-39325)
Vulnerability from nvd – Published: 2022-11-25 00:00 – Updated: 2025-04-23 16:35
Title
Cross-site scripting vulnerability in BaserCMS
Summary
BaserCMS is a content management system with a Japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| baserproject | basercms | Affected: < 4.7.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"
},
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:00.299306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:35:13.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-25T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"
},
{
"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"
},
{
"url": "https://basercms.net/security/JVN_53682526"
}
],
"source": {
"advisory": "GHSA-395x-wv32-44v5",
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting vulnerability in BaserCMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39325",
"datePublished": "2022-11-25T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:35:13.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}