CVE-2024-26128 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

5.4MEDIUMNVD

OSV7.8

EPSS

2.3%

top 15.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedFeb 22

Latest updateJun 5

Description

baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 5.0.9

▶CVEListV5baserproject/basercms< 5.0.9

▶Packagistbaserproject/basercms< 5.0.9

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

frr vulnerabilities↗2024-06-05

▶

OSV

baserCMS Cross-site Scripting vulnerability in Content Management↗2024-02-22

▶

GHSA

baserCMS Cross-site Scripting vulnerability in Content Management↗2024-02-22

▶