CVE-2023-43647

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-43647
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43647.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-43647
Aliases
Published
2023-10-30T18:18:35.381Z
Modified
2025-11-29T14:42:34.186219Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
baserCMS Cross-site Scripting vulnerability in File upload Feature
Details

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/43xxx/CVE-2023-43647.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/baserproject/basercms

Affected ranges

Type
GIT
Repo
https://github.com/baserproject/basercms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d9014ad55c048264a0be07c8a95cfebff8ae4b4d

Affected versions

2.*

2.0.0
2.0.0-beta
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.5.1
2.1.0
2.1.1
2.1.2

3.*

3.0.0
3.0.1
3.0.10
3.0.11
3.0.11.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.5.1
3.0.6
3.0.6-beta
3.0.6.1
3.0.7
3.0.8
3.0.9

4.*

4.0.0
4.0.0-beta
4.0.1
4.0.10
4.0.10.1
4.0.11
4.0.2
4.0.2.1
4.0.3
4.0.4
4.0.5
4.0.5.1
4.0.5.2
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.0.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.7.1
4.4.0
4.4.1
4.4.1.1
4.4.2
4.4.2.1
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.6.0
4.6.1
4.6.1.1
4.6.2
4.6.3
4.7.0
4.7.2
4.7.3
4.7.5
4.7.6
4.7.7
4.7.8