CVE-2018-18943: Cross-site Scripting in baserCMS

Severity
4.8 MEDIUM (NVD)
EPSS
0.3%
top 46.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 5
Latest update: May 14

Description

An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages: 2 packages

NVD: basercms/basercms < 4.1.4
Packagist: baserproject/basercms < 4.1.4

Vulnerability Details

2
GHSA
XSS in baserCMS before 4.1.4 (2022-05-14)
OSV
XSS in baserCMS before 4.1.4 (2022-05-14)