
CVSS: 8.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workarounds are available to mitigate this issue.

References:
http://jvn.jp/en/jp/JVN14134801/index.html
https://basercms.net/security/JVN_14134801
https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc
https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

References:
https://basercms.net/security/JVN64869876
https://jvn.jp/en/jp/JVN64869876/index.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

baserCMS versions prior to 4.4.5 allow a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.

References:
https://basercms.net/security/JVN64869876
https://jvn.jp/en/jp/JVN64869876/index.html

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

References:
https://basercms.net/security/JVN64869876
https://jvn.jp/en/jp/JVN64869876/index.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1.

References:
https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1
https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8
https://packagist.org/packages/baserproject/basercms

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')