CVE-2021-39136 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.5%

top 32.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedAug 25

Latest updateAug 30

Description

baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 4.5.1

▶CVEListV5baserproject/basercms< 4.5.1

▶Packagistbaserproject/basercms< 4.5.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Cross-site scripting vulnerability in file upload↗2021-08-30

▶

OSV

Cross-site scripting vulnerability in file upload↗2021-08-30

▶