baserproject/basercms Security Advisories for 4.2.2 (25)
-
[HIGH] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
PKSA-vwf1-pc89-hwmm CVE-2024-46998 GHSA-p3m2-mj3j-j49x
Affected version: <=5.1.1
Reported by:
GitHub -
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
PKSA-2n26-3nmt-wj9x CVE-2024-46996 GHSA-66jv-qrm3-vvfg
Affected version: <=5.1.1
Reported by:
GitHub -
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
PKSA-p655-dyj9-4mvs CVE-2024-46995 GHSA-mr7q-fv7j-jcgv
Affected version: <=5.1.1
Reported by:
GitHub -
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
PKSA-xcdb-2rf5-69bx CVE-2024-46994 GHSA-wrjc-fmfq-w3jr
Affected version: <=5.1.1
Reported by:
GitHub -
[MEDIUM] baserCMS Cross-site Scripting vulnerability in Site search Feature
PKSA-mwdp-p7zx-ctg9 CVE-2023-44379 GHSA-66c2-p8rh-qx87
Affected version: <5.0.9
Reported by:
GitHub -
[MEDIUM] baserCMS OS command injection vulnerability in Installer
PKSA-8rh3-g94s-b7nm CVE-2023-51450 GHSA-77fc-4cv5-hmfr
Affected version: <5.0.9
Reported by:
GitHub -
[MEDIUM] baserCMS Cross-site Scripting vulnerability in Content Management
PKSA-6q5n-gkcc-h3dr CVE-2024-26128 GHSA-jjxq-m8h3-4vw5
Affected version: <5.0.9
Reported by:
GitHub -
[MEDIUM] baserCMS CSRF vulnerability in Content preview Feature
PKSA-nxwy-9p2v-qc9n CVE-2023-43649 GHSA-fw9x-cqjq-7jx5
Affected version: <4.8.0
Reported by:
GitHub -
[MEDIUM] baserCMS Directory Traversal vulnerability in Form submission data management Feature
PKSA-22d5-943w-6dy7 CVE-2023-43648 GHSA-hmqj-gv2m-hq55
Affected version: <4.8.0
Reported by:
GitHub -
[MEDIUM] baserCMS Cross-site Scripting vulnerability in File upload Feature
PKSA-bxhm-kd8v-fz1m CVE-2023-43647 GHSA-ggj4-78rm-6xgv
Affected version: <4.8.0
Reported by:
GitHub -
[MEDIUM] baserCMS Cross-site Scripting Vulnerability in Favorites Feature
PKSA-fcwx-h4gs-44bz CVE-2023-29009 GHSA-8vqx-prq4-rqrq
Affected version: <4.8.0
Reported by:
GitHub -
[CRITICAL] baserCMS allows any file to be uploaded
PKSA-986w-k86s-1jm5 CVE-2023-25655 GHSA-mfvg-qwcw-qvc8
Affected version: <4.7.5
Reported by:
GitHub -
[CRITICAL] baserCMS File Uploader Remote Code Execution (RCE) vulnerability
PKSA-by4q-b96z-rq2t CVE-2023-25654 GHSA-h4cc-fxpp-pgw9
Affected version: <4.7.5
Reported by:
GitHub -
[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting
PKSA-6fzq-jkcg-kvtm CVE-2022-42486 GHSA-7w2v-35j3-xrm9
Affected version: <4.7.2
Reported by:
GitHub -
[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting
PKSA-rfzx-7pgr-3782 CVE-2022-41994 GHSA-vxwf-79ch-f7f7
Affected version: <4.7.2
Reported by:
GitHub -
[MEDIUM] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
PKSA-bbz7-vqbc-jf2x CVE-2022-39325 GHSA-395x-wv32-44v5
Affected version: <=4.7.1
Reported by:
GitHub -
[CRITICAL] OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
PKSA-8sn2-zvy7-x3wh CVE-2021-41243 GHSA-7rpc-9m88-cf9w
Affected version: <4.5.4
Reported by:
GitHub -
[HIGH] Potential Zip Slip Vulnerability in baserCMS
PKSA-1pv2-4z3b-ffqj CVE-2021-41279 GHSA-4x2f-54wr-4hjg
Affected version: <4.5.4
Reported by:
GitHub -
[HIGH] Cross-site scripting vulnerability in file upload
PKSA-wns2-ncyt-ck6c CVE-2021-39136 GHSA-hgjr-632x-qpp3
Affected version: <=4.5.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting (XSS) in baserCMS
PKSA-fnvn-dwyj-npvb CVE-2021-20683 GHSA-v9w8-hq92-v39m
Affected version: <4.4.5
Reported by:
GitHub -
[HIGH] OS Command Injection in baserCMS
PKSA-q92h-r6kb-v79s CVE-2021-20682 GHSA-g39q-f4rm-85x4
Affected version: <4.4.5
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting (XSS) in baserCMS
PKSA-gs8f-m49s-36b8 CVE-2021-20681 GHSA-24p5-x9f9-vvpx
Affected version: <4.4.5
Reported by:
GitHub -
[LOW] Cross Site Scripting and RCE in baserCMS
PKSA-dr4p-ftdr-9djy CVE-2020-15159 GHSA-673x-f5wx-fxpw
Affected version: >=4.0.0,<=4.3.6
Reported by:
GitHub -
[LOW] Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
PKSA-1pdq-ckcy-5jbx CVE-2020-15155 GHSA-4r3m-j6x5-48m3
Affected version: >=4.0.0,<=4.3.6
Reported by:
GitHub -
[LOW] Cross Site Scripting in baserCMS
PKSA-d64v-jbj3-w5rj CVE-2020-15154 GHSA-cpxc-67rc-c775
Affected version: >=4.0.0,<=4.3.6
Reported by:
GitHub