CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43792 – baserCMS Code Injection Vulnerability in Mail Form Feature
https://notcve.org/view.php?id=CVE-2023-43792
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available. baserCMS es un framework de desarrollo de sitios web. En las versiones 4.6.0 a 4.7.6, existe una vulnerabilidad de inyección de código en el formulario de correo de baserCMS. Al momento de la publicación, no hay versiones parcheadas disponibles. • https://basercms.net/security/JVN_45547161 https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43649 – baserCMS CSRF vulnerability in Content preview Feature
https://notcve.org/view.php?id=CVE-2023-43649
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue. baserCMS es un framework de desarrollo de sitios web. Antes de la versión 4.8.0, había una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la función de vista previa de contenido de baserCMS. La versión 4.8.0 contiene un parche para este problema. • https://basercms.net/security/JVN_99052047 https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6 https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43648 – baserCMS Directory Traversal vulnerability in Form submission data management Feature
https://notcve.org/view.php?id=CVE-2023-43648
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue. baserCMS es un framework de desarrollo de sitios web. Antes de la versión 4.8.0, había una vulnerabilidad de Directory Traversal en la función de administración de datos de envío de formularios de baserCMS. La versión 4.8.0 contiene un parche para este problema. • https://basercms.net/security/JVN_81174674 https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43647 – baserCMS Cross-site Scripting vulnerability in File upload Feature
https://notcve.org/view.php?id=CVE-2023-43647
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue. baserCMS es un framework de desarrollo de sitios web. Antes de la versión 4.8.0, había una vulnerabilidad de Cross-Site Scripting (XSS) en la función de carga de archivos de baserCMS. La versión 4.8.0 contiene un parche para este problema. • https://basercms.net/security/JVN_24381990 https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29009 – basercms XSS Vulnerability via Favorites Feature
https://notcve.org/view.php?id=CVE-2023-29009
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0. baserCMS es un framework de desarrollo de sitios web con WebAPI que se ejecuta en PHP8 y CakePHP4. Existe una vulnerabilidad XSS en Favorites Feature de baserCMS. Este problema se solucionó en la versión 4.8.0. • https://basercms.net/security/JVN_45547161 https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0 https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •