CVE-2023-44379 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 29.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedFeb 22

Description

baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 5.0.9

▶CVEListV5baserproject/basercms< 5.0.9

▶Packagistbaserproject/basercms< 5.0.9

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

baserCMS Cross-site Scripting vulnerability in Site search Feature↗2024-02-22

▶

OSV

baserCMS Cross-site Scripting vulnerability in Site search Feature↗2024-02-22

▶