Описание
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
Ссылки
- Vendor Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0.0 (включая) до 4.4.1 (исключая)
cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00592
Низкий
7.7 High
CVSS3
8.7 High
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 7.7
github
больше 5 лет назад
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
EPSS
Процентиль: 69%
0.00592
Низкий
7.7 High
CVSS3
8.7 High
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79