CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43648 – baserCMS Directory Traversal vulnerability in Form submission data management Feature
https://notcve.org/view.php?id=CVE-2023-43648
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue. baserCMS es un framework de desarrollo de sitios web. Antes de la versión 4.8.0, había una vulnerabilidad de Directory Traversal en la función de administración de datos de envío de formularios de baserCMS. La versión 4.8.0 contiene un parche para este problema. • https://basercms.net/security/JVN_81174674 https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43647 – baserCMS Cross-site Scripting vulnerability in File upload Feature
https://notcve.org/view.php?id=CVE-2023-43647
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue. baserCMS es un framework de desarrollo de sitios web. Antes de la versión 4.8.0, había una vulnerabilidad de Cross-Site Scripting (XSS) en la función de carga de archivos de baserCMS. La versión 4.8.0 contiene un parche para este problema. • https://basercms.net/security/JVN_24381990 https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29009 – basercms XSS Vulnerability via Favorites Feature
https://notcve.org/view.php?id=CVE-2023-29009
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0. baserCMS es un framework de desarrollo de sitios web con WebAPI que se ejecuta en PHP8 y CakePHP4. Existe una vulnerabilidad XSS en Favorites Feature de baserCMS. Este problema se solucionó en la versión 4.8.0. • https://basercms.net/security/JVN_45547161 https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0 https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25655 – baserCMS allows any file to be uploaded
https://notcve.org/view.php?id=CVE-2023-25655
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. • https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100 https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5 https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25654 – baserCMS File Uploader Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2023-25654
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. • https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96 https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359 https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0 https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5 https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9 • CWE-434: Unrestricted Upload of File with Dangerous Type •