CVE-2021-20682
https://notcve.org/view.php?id=CVE-2021-20682
baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. baserCMS versiones anteriores a 4.4.5, permiten a un atacante remoto con privilegios administrativos ejecutar comandos arbitrarios del Sistema Operativo por medio de vectores no especificados. • https://basercms.net/security/JVN64869876 https://jvn.jp/en/jp/JVN64869876/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-20681
https://notcve.org/view.php?id=CVE-2021-20681
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. Una neutralización inapropiada de la entrada de JavaScript en la función page editing de baserCMS versiones anteriores a 4.4.5, permite a atacantes autenticados remotamente inyectar un script arbitrario por medio de vectores no especificados. • https://basercms.net/security/JVN64869876 https://jvn.jp/en/jp/JVN64869876/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15159 – Cross Site Scripting leading to RCE in baserCMS
https://notcve.org/view.php?id=CVE-2020-15159
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. baserCMS versiones 4.3.6 y anteriores, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) y Remote Code Execution (RCE). Esta puede ser ejecutada al iniciar sesión como administrador del sistema y cargando un archivo de script ejecutable tal y como un archivo PHP. Los componentes afectados son los archivos ThemeFilesController.php y UploaderFilesController.php. • https://basercms.net/security/20200827 https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15155 – Cross-Site Scripting in baserCMS
https://notcve.org/view.php?id=CVE-2020-15155
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7. baserCMS versiones 4.3.6 y anteriores, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio de la ejecución de un script arbitrario. Se requiere acceso de administrador para explotar esta vulnerabilidad. • https://basercms.net/security/20200827 https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15154 – Cross Site Scripting in baserCMS
https://notcve.org/view.php?id=CVE-2020-15154
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7. baserCMS versiones 4.3.6 y anteriores, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio de la ejecución de un script arbitrario. Se requiere acceso de administrador para explotar esta vulnerabilidad. • https://basercms.net/security/20200827 https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •