CVE-2024-46995 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.9%

top 24.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedOct 24

Description

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 5.1.2

▶CVEListV5baserproject/basercms< 5.1.2

▶Packagistbaserproject/basercms< 5.1.2

🔴Vulnerability Details

GHSA

baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request↗2024-10-24

▶

OSV

baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request↗2024-10-24

▶