CVE-2022-41994 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting5 documents3 sources

Severity

4.8MEDIUMNVD

GHSA6.1OSV6.1

EPSS

0.1%

top 65.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basercms Baserproject Basercms Basercms Users Community Basercms

Timeline

PublishedDec 7

Description

Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 4.7.2

▶Packagistbaserproject/basercms< 4.7.2

▶CVEListV5basercms_users_community/basercmsversions prior to 4.7.2

🔴Vulnerability Details

OSV

baserCMS vulnerable to stored Cross-site Scripting↗2022-12-07

▶

GHSA

baserCMS vulnerable to stored Cross-site Scripting↗2022-12-07

▶

OSV

baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability↗2022-11-28

▶

GHSA

baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability↗2022-11-28

▶