Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wM20yLW1qM2otajQ5eM4ABAoB
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
XSS vulnerability in Edit Email Form Settings Feature to baserCMS.
Target
baserCMS 5.1.1 and earlier versions
Vulnerability
Malicious code may be executed in Edit Email Form Settings feature.
Countermeasures
Update to the latest version of baserCMS
Please refer to the following page to reference for more information.
https://basercms.net/security/JVN_00876083
Credits
Ayato Shitomi@Fore-Z
Permalink: https://github.com/advisories/GHSA-p3m2-mj3j-j49xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wM20yLW1qM2otajQ5eM4ABAoB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 28 days ago
Updated: 24 days ago
CVSS Score: 7.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Identifiers: GHSA-p3m2-mj3j-j49x, CVE-2024-46998
References:
- https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x
- https://basercms.net/security/JVN_00876083
- https://nvd.nist.gov/vuln/detail/CVE-2024-46998
- https://basercms.net/security/JVN_98693329
- https://github.com/advisories/GHSA-p3m2-mj3j-j49x
Blast Radius: 4.3
Affected Packages
packagist:baserproject/basercms
Dependent packages: 0Dependent repositories: 4
Downloads: 40 total
Affected Version Ranges: <= 5.1.1
Fixed in: 5.1.2
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.7.0, 4.7.2, 4.7.3, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.8.0, 4.8.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.1.0, 5.1.1
All unaffected versions: 5.1.2