CVE-2021-39136

Опубликовано: 25 авг. 2021

Источник: nvd

CVSS3: 8.7

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.

Ссылки

http://jvn.jp/en/jp/JVN14134801/index.html
Third Party Advisory
https://basercms.net/security/JVN_14134801
Vendor Advisory
https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc
Patch
Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3
Third Party Advisory
http://jvn.jp/en/jp/JVN14134801/index.html
Third Party Advisory
https://basercms.net/security/JVN_14134801
Vendor Advisory
https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc
Patch
Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

Версия до 4.5.1 (исключая)

EPSS

Процентиль: 67%

0.0054

Низкий

8.7 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hgjr-632x-qpp3

CVSS3: 8.7

github

больше 4 лет назад

Cross-site scripting vulnerability in file upload

EPSS

Процентиль: 67%

0.0054

Низкий

8.7 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79