CVE-2021-20681
https://notcve.org/view.php?id=CVE-2021-20681
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
• https://basercms.net/security/JVN64869876 https://jvn.jp/en/jp/JVN64869876/index.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15273 – Cross-Site Scripting in baserCMS
https://notcve.org/view.php?id=CVE-2020-15273
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1.
• https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1 https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8 https://packagist.org/packages/baserproject/basercms
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15276 – Cross Site Scripting in baserCMS
https://notcve.org/view.php?id=CVE-2020-15276
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
• https://basercms.net/security/20201029 https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54 https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15277 – Remote Code Execution in baserCMS
https://notcve.org/view.php?id=CVE-2020-15277
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
• https://basercms.net/security/20201029 https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2020-15159 – Cross Site Scripting leading to RCE in baserCMS
https://notcve.org/view.php?id=CVE-2020-15159
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.
• https://basercms.net/security/20200827 https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')