CVE-2024-26128
Published 2024-02-22
Priority P4 · 23 · medium · 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.57% (43.0th percentile)
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basercms | basercms | < 5.0.9 | 5.0.9 |
| baserproject | basercms | < 5.0.9 | 5.0.9 |
| baserproject | basercms | >= 0 < 5.0.9 | 5.0.9 |
CVSS provenance
nvd · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv · 7.8 HIGH
OSV
frr vulnerabilities
osv·2024-06-05·CVSS 7.8
CVE-2022-26126 frr vulnerabilities
It was discovered that FRR incorrectly handled certain network traffic.
A remote attacker could possibly use this issue to cause FRR to crash,
resulting in a denial of service. (CVE-2022-26126, CVE-2022-26127,
CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2022-37035,
CVE-2023-31490, CVE-2023-38406, CVE-2023-38407, CVE-2023-46752,
CVE-2023-46753, CVE-2023-47234, CVE-2023-47235, CVE-2024-31948)
Ben Cartwright-Cox discovered that FRR incorrectly handled certain
network traffic. A remote attacker could possibly use this issue to cause
FRR to crash, resulting in a denial of service. (CVE-2023-38802)
OSV
baserCMS Cross-site Scripting vulnerability in Content Management
osv·2024-02-22
CVE-2024-26128 [MEDIUM] baserCMS Cross-site Scripting vulnerability in Content Management
There is an XSS vulnerability in the content management feature of baserCMS.
### Target
baserCMS 5.0.8 and earlier versions
### Vulnerability
Malicious code may be executed in the content management feature.
### Countermeasures
Update to the latest version of baserCMS.
Please refer to the following page for more information.
https://basercms.net/security/JVN_73283159
GHSA
baserCMS Cross-site Scripting vulnerability in Content Management
ghsa·2024-02-22
CVE-2024-26128 [MEDIUM] CWE-79 baserCMS Cross-site Scripting vulnerability in Content Management
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://basercms.net/security/JVN_73283159
https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
Published: 2024-02-22