Baserproject Basercms vulnerabilities
56 known vulnerabilities affecting baserproject/basercms.
Total CVEs: 56
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 22, MEDIUM 27
Vulnerabilities
Page 3 of 3
CVE-2024-46995 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.1.2 | 2024-10-24
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.
ghsa, nvd, osv

CVE-2021-20683 | P4 | MEDIUM | CWE-79 | ≥ 0, < 4.4.5 | 2021-06-08
Cross-site Scripting (XSS) in baserCMS
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
ghsa, osv

CVE-2024-26128 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.0.9 | 2024-02-22
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
ghsa, nvd, osv

CVE-2023-43647 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.8.0 | 2023-10-30
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.
ghsa, nvd, osv

CVE-2024-46998 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.1.2 | 2024-10-24
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.
ghsa, nvd, osv

CVE-2024-46996 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.1.2 | 2024-10-24
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.
ghsa, nvd, osv

CVE-2024-46994 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.1.2 | 2024-10-24
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.
ghsa, nvd, osv

CVE-2011-2674 | P4 | MEDIUM | CWE-269 | ≥ 0, < 1.6.12 | 2022-05-13
BaserCMS privilege escalation
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.
ghsa, osv

CVE-2018-0571 | P4 | MEDIUM | CWE-434 | ≥ 4.0.0, < 4.1.1; ≥ 0, < 3.0.16 | 2022-05-14
baserCMS arbitrary file upload vulnerability
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
ghsa, osv

CVE-2021-20681 | P4 | MEDIUM | CWE-79 | ≥ 0, < 4.4.5 | 2021-06-08
Cross-site Scripting (XSS) in baserCMS
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
ghsa, osv

CVE-2018-0574 | P4 | MEDIUM | CWE-79 | ≥ 4.0.0, ≤ 4.1.0.1; ≥ 0, ≤ 3.0.15 | 2022-05-14
XSS in baserCMS
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
ghsa, osv

CVE-2018-0570 | P4 | MEDIUM | CWE-79 | ≥ 4.0.0, ≤ 4.1.0.1; ≥ 0, ≤ 3.0.15 | 2022-05-14
XSS in baserCMS
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
ghsa, osv

CVE-2016-4880 | P4 | MEDIUM | CWE-79 | ≥ 0, < 3.0.11 | 2022-05-17
baserCMS Cross-site Scripting vulnerability
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
ghsa, osv

CVE-2022-41994 | P4 | MEDIUM | CWE-79 | ≥ 0, < 4.7.2 | 2022-12-07
baserCMS vulnerable to stored Cross-site Scripting
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
ghsa, osv

CVE-2022-42486 | P4 | MEDIUM | CWE-79 | ≥ 0, < 4.7.2 | 2022-12-07
baserCMS vulnerable to stored Cross-site Scripting
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
ghsa, osv

CVE-2018-18943 | P4 | MEDIUM | CWE-79 | ≥ 0, < 4.1.4 | 2022-05-14
XSS in baserCMS before 4.1.4
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.
ghsa, osv