CVE-2018-0570 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 58.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basercms Baserproject Basercms Basercms Users Community Basercms

Timeline

PublishedJun 26

Latest updateMay 14

Description

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms3.0.0 — 3.0.15+1

▶Packagistbaserproject/basercms4.0.0 — 4.1.0.1+1

▶CVEListV5basercms_users_community/basercms(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)

🔴Vulnerability Details

GHSA

XSS in baserCMS↗2022-05-14

▶

OSV

XSS in baserCMS↗2022-05-14

▶