CVE-2018-18943 – baserproject/basercms
Package
Manager: composer
Name: baserproject/basercms
Vulnerable Version: >=0 <4.1.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00329 (percentile: 0.55255)
Details
XSS in baserCMS before 4.1.4
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.
Metadata
Created: 2022-05-14T01:50:42Z
Modified: 2023-07-07T00:42:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fx2m-5m9v-jhgp/GHSA-fx2m-5m9v-jhgp.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-fx2m-5m9v-jhgp
Finding: F425
Auto approve: 1