Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1meDJtLTVtOXYtamhncM4AAUnn
XSS in baserCMS before 4.1.4
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1meDJtLTVtOXYtamhncM4AAUnn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 10 months ago
CVSS Score: 4.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-fx2m-5m9v-jhgp, CVE-2018-18943
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-18943
- https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4
- https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/
- https://github.com/advisories/GHSA-fx2m-5m9v-jhgp
Affected Packages
packagist:baserproject/basercms
Dependent packages: 0Dependent repositories: 4
Downloads: 38 total
Affected Version Ranges: < 4.1.4
Fixed in: 4.1.4
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 4.0.0, 4.1.0
All unaffected versions: 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.4.8, 4.5.4, 4.8.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15