ghsa-395x-wv32-44v5
Vulnerability from github
Published
2022-11-28 22:14
Modified
2022-12-01 22:11
Severity ?
Summary
baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
Details
There is a cross-site scripting vulnerability on the management system of baserCMS.
This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.
Target
baserCMS 4.7.1 and earlier versions.
Vulnerability
Execution of malicious JavaScript code may alter the display of the page or leak cookie information. - In Favorite registration (CVE-2022-39325) - In Permission Settings (CVE-2022-41994) - In User group management (CVE-2022-42486)
Countermeasures
Update to the latest version of baserCMS
Credits
- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.
- YUYA KOTAKE@CARTA HOLDINGS, INC.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.7.1"
},
"package": {
"ecosystem": "Packagist",
"name": "baserproject/basercms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39325"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-28T22:14:48Z",
"nvd_published_at": "2022-11-25T20:15:00Z",
"severity": "MODERATE"
},
"details": "There is a cross-site scripting vulnerability on the management system of baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.1 and earlier versions.\n\n### Vulnerability\nExecution of malicious JavaScript code may alter the display of the page or leak cookie information.\n- In Favorite registration (CVE-2022-39325)\n- In Permission Settings (CVE-2022-41994)\n- In User group management (CVE-2022-42486)\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\n### Credits\n- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.\n- YUYA KOTAKE@CARTA HOLDINGS, INC.",
"id": "GHSA-395x-wv32-44v5",
"modified": "2022-12-01T22:11:37Z",
"published": "2022-11-28T22:14:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325"
},
{
"type": "WEB",
"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"
},
{
"type": "WEB",
"url": "https://basercms.net/security/JVN_53682526"
},
{
"type": "PACKAGE",
"url": "https://github.com/baserproject/basercms"
},
{
"type": "WEB",
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability "
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.