CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51450 – baserCMS OS command injection vulnerability in Installer
https://notcve.org/view.php?id=CVE-2023-51450
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability. baserCMS es un framework de desarrollo de sitios web. Antes de la versión 5.0.9, había una vulnerabilidad de inyección de comandos del sistema operativo en la función de búsqueda de sitios de baserCMS. La versión 5.0.9 contiene una solución para esta vulnerabilidad. • https://basercms.net/security/JVN_09767360 https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44379 – baserCMS Cross-site Scripting vulnerability in Site search Feature
https://notcve.org/view.php?id=CVE-2023-44379
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability. baserCMS es un framework de desarrollo de sitios web. Antes de la versión 5.0.9, había una vulnerabilidad de cross site scripting en la función de búsqueda de sitios. La versión 5.0.9 contiene una solución para esta vulnerabilidad. • https://basercms.net/security/JVN_73283159 https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4 https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •