CVE-2024-46994 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

1.2%

top 21.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedOct 24

Description

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 5.1.2

▶CVEListV5baserproject/basercms< 5.1.2

▶Packagistbaserproject/basercms< 5.1.2

🔴Vulnerability Details

GHSA

baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature↗2024-10-24

▶

OSV

baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature↗2024-10-24

▶