CVE-2023-43647

Опубликовано: 30 окт. 2023

Источник: nvd

CVSS3: 6.1

CVSS3: 5.4

EPSS Низкий

Описание

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.

Ссылки

https://basercms.net/security/JVN_24381990
Vendor Advisory
https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e
Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv
Third Party Advisory
https://basercms.net/security/JVN_24381990
Vendor Advisory
https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e
Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

Версия до 4.8.0 (исключая)

EPSS

Процентиль: 68%

0.00572

Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-ggj4-78rm-6xgv

CVSS3: 6.1

github

больше 2 лет назад

baserCMS Cross-site Scripting vulnerability in File upload Feature

EPSS

Процентиль: 68%

0.00572

Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79