CVE-2023-43649 — Cross-Site Request Forgery in Basercms

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 71.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

Latest updateOct 26

PublishedOct 30

Description

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDbasercms/basercms< 4.8.0

▶CVEListV5baserproject/basercms< 4.8.0

▶Packagistbaserproject/basercms< 4.8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

baserCMS CSRF vulnerability in Content preview Feature↗2023-10-26

▶

OSV

baserCMS CSRF vulnerability in Content preview Feature↗2023-10-26

▶