GHSA-994g-74gq-5qpr

Source

https://github.com/advisories/GHSA-994g-74gq-5qpr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-994g-74gq-5qpr/GHSA-994g-74gq-5qpr.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-994g-74gq-5qpr

Aliases

CVE-2018-0570

Published

2022-05-14T03:06:07Z

Modified

2023-11-01T04:48:28.719764Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

XSS in baserCMS

Details

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "github_reviewed_at": "2023-07-07T00:14:39Z",
    "severity": "MODERATE"
}

References

Affected packages

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Last affected

4.1.0.1

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.0.15