Description

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

Related CPE's

a

basercms

basercms

Vulnerable

References

https://basercms.net/security/JVN64869876

PatchVendor Advisory

https://jvn.jp/en/jp/JVN64869876/index.html

Third Party Advisory

https://basercms.net/security/JVN64869876

PatchVendor Advisory

https://jvn.jp/en/jp/JVN64869876/index.html

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-03-26T08:15:12.167Z

4 years ago

Last modified

2024-11-21T04:47:00.200Z

1 year ago