Basercms Users Community Basercms vulnerabilities
18 known vulnerabilities affecting basercms_users_community/basercms.
Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 10
Vulnerabilities
CVE-2022-42486 | MEDIUM | CVSS 4.8 | CWE-79 | versions prior to 4.7.2 | 2022-12-07
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
nvd
CVE-2022-41994 | MEDIUM | CVSS 4.8 | CWE-79 | versions prior to 4.7.2 | 2022-12-07
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
nvd
CVE-2021-20682 | HIGH | CVSS 7.2 | CWE-78 | versions prior to 4.4.5 | 2021-03-26
baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
nvd
CVE-2021-20683 | MEDIUM | CVSS 5.4 | CWE-79 | versions prior to 4.4.5 | 2021-03-26
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20681 | MEDIUM | CVSS 5.4 | CWE-79 | versions prior to 4.4.5 | 2021-03-26
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
nvd
CVE-2018-0572 | HIGH | CVSS 8.1 | baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions | 2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
nvd
CVE-2018-0569 | HIGH | CVSS 8.8 | CWE-78 | baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions | 2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
nvd
CVE-2018-0575 | MEDIUM | CVSS 5.3 | CWE-200 | baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions | 2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
nvd
CVE-2018-0573 | MEDIUM | CVSS 5.3 | CWE-269 | baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions | 2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
nvd
CVE-2018-0574 | MEDIUM | CVSS 6.1 | CWE-79 | baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions | 2018-06-26
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2018-0570 | MEDIUM | CVSS 5.4 | CWE-79 | baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions | 2018-06-26
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2018-0571 | MEDIUM | CVSS 4.3 | CWE-434 | baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions | 2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
nvd
CVE-2017-10842 | CRITICAL | CVSS 9.8 | CWE-89 | 3.0.14 and earlier; 4.0.5 and earlier | 2017-08-29
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2017-10843 | HIGH | CVSS 7.5 | 3.0.14 and earlier; 4.0.5 and earlier | 2017-08-29
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
nvd
CVE-2016-4878 | HIGH | CVSS 8.8 | CWE-352 | version 3.0.10 and earlier | 2017-05-12
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
nvd
CVE-2016-4882 | HIGH | CVSS 8.8 | CWE-352 | version 3.0.10 and earlier | 2017-05-12
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
nvd
CVE-2016-4876 | HIGH | CVSS 8.8 | CWE-352 | version 3.0.10 and earlier | 2017-05-12
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
nvd
CVE-2016-4883 | MEDIUM | CVSS 5.4 | CWE-79 | version 3.0.10 and earlier | 2017-05-12
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd