CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25655 – baserCMS allows any file to be uploaded
https://notcve.org/view.php?id=CVE-2023-25655
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. • https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100 https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5 https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25654 – baserCMS File Uploader Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2023-25654
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. • https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96 https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359 https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0 https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5 https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41994
https://notcve.org/view.php?id=CVE-2022-41994
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la configuración de permisos de las versiones de baserCMS anteriores a la 4.7.2 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario. • https://basercms.net/security/JVN_53682526 https://jvn.jp/en/jp/JVN53682526/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42486
https://notcve.org/view.php?id=CVE-2022-42486
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la gestión de grupos de usuarios de versiones de baserCMS anteriores a la 4.7.2 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario. • https://basercms.net/security/JVN_53682526 https://jvn.jp/en/jp/JVN53682526/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39325 – Cross-site scripting vulnerability in BaserCMS
https://notcve.org/view.php?id=CVE-2022-39325
BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability. • https://basercms.net/security/JVN_53682526 https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6 https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •