CVE-2022-39325

Published: Nov 25, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.

Affected (1)

Products: Basercms: Basercms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Basercms Basercms	Before 4.7.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://basercms.net/security/JVN_53682526

Source: security-advisories@github.com

Vendor Advisory

https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5

Source: security-advisories@github.com

Third Party Advisory

https://basercms.net/security/JVN_53682526

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.