Refine your search
47 vulnerabilities found for baserCMS by baserCMS Users Community
jvndb-2026-000047
Vulnerability from jvndb
Published
2026-03-27 18:00
Modified
2026-03-27 18:00
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below.<a href='https://cwe.mitre.org/data/definitions/79.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/78.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/89.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/79.html' target='_blank'></a><ul><li>Cross-site scripting (CWE-79) - CVE-2026-30879</li><li>OS command injection (CWE-78) - CVE-2026-30880</li><li>SQL injection (CWE-89) - CVE-2026-27697</li><li>Cross-site scripting (CWE-79) - CVE-2026-32734</li></ul>CVE-2026-30879
Gai Tanaka of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
quanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2026-30880
REN XINGDIAN reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2026-27697
Mirai Matsumoto of Future Secure Wave, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2026-32734
quanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with the developer.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000047.html",
"dc:date": "2026-03-27T18:00+09:00",
"dcterms:issued": "2026-03-27T18:00+09:00",
"dcterms:modified": "2026-03-27T18:00+09:00",
"description": "baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/89.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2026-30879\u003c/li\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-30880\u003c/li\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2026-27697\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2026-32734\u003c/li\u003e\u003c/ul\u003eCVE-2026-30879\r\nGai Tanaka of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nquanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-30880\r\nREN XINGDIAN reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-27697\r\nMirai Matsumoto of Future Secure Wave, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-32734\r\nquanlna2 (Le Nguyen Anh Quan), namdi (Do Ich Nam), minhnn42 (Nguyen Ngoc Minh) of VCSLab - Viettel Cyber Security reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000047.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000047",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN20837860/index.html",
"@id": "JVN#20837860",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-30879",
"@id": "CVE-2026-30879",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-30880",
"@id": "CVE-2026-30880",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-27697",
"@id": "CVE-2026-27697",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32734",
"@id": "CVE-2026-32734",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2024-000114
Vulnerability from jvndb
Published
2024-10-25 15:07
Modified
2025-02-18 15:35
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.<ul><li>Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit (CWE-79) - CVE-2024-46996</li><li>Stored cross-site scripting vulnerability on Edit Email Form Settings (CWE-79) - CVE-2024-46998</li><li>Reflected cross-site scripting vulnerability due to inadequate error page generation process (CWE-81) - CVE-2024-46995</li><li>Stored cross-site scripting vulnerability due to inappropriate input data handling on Article Edit and Content List (CWE-79) - CVE-2024-46994</li></ul>CVE-2024-46996
Ayato Shitomi of Fore-Z co.ltd and Rikuto Tauchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46998
Ayato Shitomi of Fore-Z co.ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46995
Yusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46994
Kyohei Ota of LEON TECHNOLOGY,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000114.html",
"dc:date": "2025-02-18T15:35+09:00",
"dcterms:issued": "2024-10-25T15:07+09:00",
"dcterms:modified": "2025-02-18T15:35+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit (CWE-79) - CVE-2024-46996\u003c/li\u003e\u003cli\u003eStored cross-site scripting vulnerability on Edit Email Form Settings (CWE-79) - CVE-2024-46998\u003c/li\u003e\u003cli\u003eReflected cross-site scripting vulnerability due to inadequate error page generation process (CWE-81) - CVE-2024-46995\u003c/li\u003e\u003cli\u003eStored cross-site scripting vulnerability due to inappropriate input data handling on Article Edit and Content List (CWE-79) - CVE-2024-46994\u003c/li\u003e\u003c/ul\u003eCVE-2024-46996\r\nAyato Shitomi of Fore-Z co.ltd and Rikuto Tauchi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46998\r\nAyato Shitomi of Fore-Z co.ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46995\r\nYusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46994\r\nKyohei Ota of LEON TECHNOLOGY,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000114.html",
"sec:cpe": [
{
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
{
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000114",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN00876083/index.html",
"@id": "JVN#00876083",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46996",
"@id": "CVE-2024-46996",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46998",
"@id": "CVE-2024-46998",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46995",
"@id": "CVE-2024-46995",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46994",
"@id": "CVE-2024-46994",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2024-000022
Vulnerability from jvndb
Published
2024-02-27 14:25
Modified
2024-02-27 14:25
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
<ul>
<li>Reflected cross-site scripting vulnerability in Site search Feature (CWE-79) - CVE-2023-44379</li>
<li>Stored cross-site scripting vulnerability in Content Management (CWE-79) - CVE-2024-26128</li>
<li>OS command injection vulnerability (CWE-78) - CVE-2023-51450</li>
</ul>
CVE-2023-44379
Yusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. (Not affiliated at the time of report submission) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-26128
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-51450
Shunsuke Tanizaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000022.html",
"dc:date": "2024-02-27T14:25+09:00",
"dcterms:issued": "2024-02-27T14:25+09:00",
"dcterms:modified": "2024-02-27T14:25+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eReflected cross-site scripting vulnerability in Site search Feature (CWE-79) - CVE-2023-44379\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in Content Management (CWE-79) - CVE-2024-26128\u003c/li\u003e\r\n\u003cli\u003eOS command injection vulnerability (CWE-78) - CVE-2023-51450\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nCVE-2023-44379\r\nYusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. (Not affiliated at the time of report submission) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-26128\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-51450\r\nShunsuke Tanizaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000022.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73283159/index.html",
"@id": "JVN#73283159",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-44379",
"@id": "CVE-2023-44379",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-26128",
"@id": "CVE-2024-26128",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-51450",
"@id": "CVE-2023-51450",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2023-000106
Vulnerability from jvndb
Published
2023-10-27 14:46
Modified
2024-05-07 15:59
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.<ul><li>Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009</li><li>Reflected cross-site scripting vulnerability (CWE-79) - CVE-2023-43647</li><li>Directory traversal vulnerability (CWE-22) - CVE-2023-43648</li><li>Cross-site request forgery vulnerability (CWE-352) - CVE-2023-43649</li><li>Arbitrary file upload vulnerability (CWE-434) - CVE-2023-43792</li></ul>
CVE-2023-29009
Kyohei Ota reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-43647, CVE-2023-43648, CVE-2023-43649, CVE-2023-43792
Shiga Takuma of BroadBand Security, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000106.html",
"dc:date": "2024-05-07T15:59+09:00",
"dcterms:issued": "2023-10-27T14:46+09:00",
"dcterms:modified": "2024-05-07T15:59+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009\u003c/li\u003e\u003cli\u003eReflected cross-site scripting vulnerability (CWE-79) - CVE-2023-43647\u003c/li\u003e\u003cli\u003eDirectory traversal vulnerability (CWE-22) - CVE-2023-43648\u003c/li\u003e\u003cli\u003eCross-site request forgery vulnerability (CWE-352) - CVE-2023-43649\u003c/li\u003e\u003cli\u003eArbitrary file upload vulnerability (CWE-434) - CVE-2023-43792\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2023-29009\r\nKyohei Ota reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-43647, CVE-2023-43648, CVE-2023-43649, CVE-2023-43792\r\nShiga Takuma of BroadBand Security, Inc reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000106.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000106",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45547161/index.html",
"@id": "JVN#45547161",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-29009",
"@id": "CVE-2023-29009",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43647",
"@id": "CVE-2023-43647",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43648",
"@id": "CVE-2023-43648",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43649",
"@id": "CVE-2023-43649",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43792",
"@id": "CVE-2023-43792",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-29009",
"@id": "CVE-2023-29009",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43647",
"@id": "CVE-2023-43647",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43648",
"@id": "CVE-2023-43648",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43649",
"@id": "CVE-2023-43649",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43792",
"@id": "CVE-2023-43792",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2023-000028
Vulnerability from jvndb
Published
2023-03-27 13:39
Modified
2024-06-06 17:31
Severity ?
Summary
baserCMS vulnerable to arbitrary file uploads
Details
baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434).
Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000028.html",
"dc:date": "2024-06-06T17:31+09:00",
"dcterms:issued": "2023-03-27T13:39+09:00",
"dcterms:modified": "2024-06-06T17:31+09:00",
"description": "baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434).\r\n\r\nTaisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000028.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000028",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN61105618/index.html",
"@id": "JVN#61105618",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25655",
"@id": "CVE-2023-25655",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25655",
"@id": "CVE-2023-25655",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "baserCMS vulnerable to arbitrary file uploads"
}
jvndb-2022-000094
Vulnerability from jvndb
Published
2022-11-25 13:42
Modified
2024-05-31 18:17
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below.
* Stored cross-site scripting vulnerability in User management (CWE-79) - CVE-2022-39325
* Stored cross-site scripting vulnerability in Permission Settings (CWE-79) - CVE-2022-41994
* Stored cross-site scripting vulnerability in User group management (CWE-79) - CVE-2022-42486
CVE-2022-39325
YUYA KOTAKE of CARTA HOLDINGS, INC. and Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-41994, CVE-2022-42486
Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000094.html",
"dc:date": "2024-05-31T18:17+09:00",
"dcterms:issued": "2022-11-25T13:42+09:00",
"dcterms:modified": "2024-05-31T18:17+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability in User management (CWE-79) - CVE-2022-39325\r\n * Stored cross-site scripting vulnerability in Permission Settings (CWE-79) - CVE-2022-41994\r\n * Stored cross-site scripting vulnerability in User group management (CWE-79) - CVE-2022-42486\r\n\r\nCVE-2022-39325\r\nYUYA KOTAKE of CARTA HOLDINGS, INC. and Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-41994, CVE-2022-42486\r\nShogo Iyota of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000094.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000094",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN53682526/index.html",
"@id": "JVN#53682526",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-39325",
"@id": "CVE-2022-39325",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41994",
"@id": "CVE-2022-41994",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-42486",
"@id": "CVE-2022-42486",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325",
"@id": "CVE-2022-39325",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41994",
"@id": "CVE-2022-41994",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-42486",
"@id": "CVE-2022-42486",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in baserCMS"
}
jvndb-2021-000106
Vulnerability from jvndb
Published
2021-11-26 14:59
Modified
2021-11-26 14:59
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* OS command injection (CWE-78) - CVE-2021-41243
* Arbitrary code upload vulnerability in Database restore (CWE-434) - CVE-2021-41279
CVE-2021-41243
Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-41279
Daniele Scanu of SoterITSecurity reported this vulnerability to baserCMS Users Community and baserCMS Users Community reported it to JPCERT/CC to notify users of the solution through JVN.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000106.html",
"dc:date": "2021-11-26T14:59+09:00",
"dcterms:issued": "2021-11-26T14:59+09:00",
"dcterms:modified": "2021-11-26T14:59+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n* OS command injection (CWE-78) - CVE-2021-41243\r\n* Arbitrary code upload vulnerability in Database restore (CWE-434) - CVE-2021-41279\r\n\r\nCVE-2021-41243\r\nAkagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-41279\r\nDaniele Scanu of SoterITSecurity reported this vulnerability to baserCMS Users Community and baserCMS Users Community reported it to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000106.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000106",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN81376414/index.html",
"@id": "JVN#81376414",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41243",
"@id": "CVE-2021-41243",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41279",
"@id": "CVE-2021-41279",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-41243",
"@id": "CVE-2021-41243",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-41279",
"@id": "CVE-2021-41279",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2021-000080
Vulnerability from jvndb
Published
2021-08-27 13:29
Modified
2021-08-27 13:29
Severity ?
Summary
baserCMS vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability (CWE-79).
Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000080.html",
"dc:date": "2021-08-27T13:29+09:00",
"dcterms:issued": "2021-08-27T13:29+09:00",
"dcterms:modified": "2021-08-27T13:29+09:00",
"description": "baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nAkagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000080.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000080",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14134801/index.html",
"@id": "JVN#14134801",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39136",
"@id": "CVE-2021-39136",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-39136",
"@id": "CVE-2021-39136",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS vulnerable to cross-site scripting"
}
jvndb-2021-000027
Vulnerability from jvndb
Published
2021-03-26 14:25
Modified
2021-03-26 14:25
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
*Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681
*OS command injection (CWE-78) - CVE-2021-20682
*Improper Neutralization of JavaScript input in the blog article editing function (CWE-79) - CVE-2021-20683
CVE-2021-20681, CVE-2021-20682
Sho Odagiri of Information Science College reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20683
Yamaguchi Kakeru reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000027.html",
"dc:date": "2021-03-26T14:25+09:00",
"dcterms:issued": "2021-03-26T14:25+09:00",
"dcterms:modified": "2021-03-26T14:25+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n*Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681\r\n*OS command injection (CWE-78) - CVE-2021-20682\r\n*Improper Neutralization of JavaScript input in the blog article editing function (CWE-79) - CVE-2021-20683\r\n\r\nCVE-2021-20681, CVE-2021-20682\r\nSho Odagiri of Information Science College reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20683\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000027.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000027",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN64869876/index.html",
"@id": "JVN#64869876",
"@source": "JVN"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20681",
"@id": "CVE-2021-20681",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20682",
"@id": "CVE-2021-20682",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20683",
"@id": "CVE-2021-20683",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681",
"@id": "CVE-2021-20681",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682",
"@id": "CVE-2021-20682",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683",
"@id": "CVE-2021-20683",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2018-000055
Vulnerability from jvndb
Published
2018-05-22 14:53
Modified
2019-12-27 18:10
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below.
*Command injection (CWE-94) - CVE-2018-0569
*Cross-site scripting (CWE-79) - CVE-2018-0570
*Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571
*Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572
*Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573
*Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574
*Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575
Following researchers reported respective vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning partnership.
CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573
Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
CVE-2018-0574 and CVE-2018-0575
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
"dc:date": "2019-12-27T18:10+09:00",
"dcterms:issued": "2018-05-22T14:53+09:00",
"dcterms:modified": "2019-12-27T18:10+09:00",
"description": "baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. \r\n\r\n*Command injection (CWE-94) - CVE-2018-0569 \r\n*Cross-site scripting (CWE-79) - CVE-2018-0570 \r\n*Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571 \r\n*Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572 \r\n*Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573 \r\n*Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574 \r\n*Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575 \r\n\r\nFollowing researchers reported respective vulnerabilities to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning partnership.\r\n\r\n CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573\r\n Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n\r\n CVE-2018-0574 and CVE-2018-0575\r\n Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000055",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67881316/index.html",
"@id": "JVN#67881316",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0569",
"@id": "CVE-2018-0569",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0570",
"@id": "CVE-2018-0570",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0571",
"@id": "CVE-2018-0571",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0572",
"@id": "CVE-2018-0572",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0573",
"@id": "CVE-2018-0573",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0574",
"@id": "CVE-2018-0574",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0575",
"@id": "CVE-2018-0575",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569",
"@id": "CVE-2018-0569",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0570",
"@id": "CVE-2018-0570",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0571",
"@id": "CVE-2018-0571",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0572",
"@id": "CVE-2018-0572",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0573",
"@id": "CVE-2018-0573",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0574",
"@id": "CVE-2018-0574",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0575",
"@id": "CVE-2018-0575",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2017-000203
Vulnerability from jvndb
Published
2017-08-25 14:50
Modified
2018-02-28 11:45
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* SQL injection (CWE-89) - CVE-2017-10842
* Arbitary files may be deleted - CVE-2017-10843
* Arbitary PHP code execution - CVE-2017-10844
Shoji Baba reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000203.html",
"dc:date": "2018-02-28T11:45+09:00",
"dcterms:issued": "2017-08-25T14:50+09:00",
"dcterms:modified": "2018-02-28T11:45+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. \r\n\r\n * SQL injection (CWE-89) - CVE-2017-10842\r\n * Arbitary files may be deleted - CVE-2017-10843\r\n * Arbitary PHP code execution - CVE-2017-10844\r\n\r\nShoji Baba reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000203.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000203",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN78151490/index.html",
"@id": "JVN#78151490",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10842",
"@id": "CVE-2017-10842",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10843",
"@id": "CVE-2017-10843",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10844",
"@id": "CVE-2017-10844",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10842",
"@id": "CVE-2017-10842",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10843",
"@id": "CVE-2017-10843",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10844",
"@id": "CVE-2017-10844",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2016-000178
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000178.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000178.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000178",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4882",
"@id": "CVE-2016-4882",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4882",
"@id": "CVE-2016-4882",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS vulnerable to cross-site request forgery"
}
CVE-2022-41994 (GCVE-0-2022-41994)
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2025-04-23 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: versions prior to 4.7.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:27:38.334790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:28:32.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://basercms.net/security/JVN_53682526"
},
{
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-41994",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:28:32.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42486 (GCVE-0-2022-42486)
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2025-04-23 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: versions prior to 4.7.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:40.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:01:40.424230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:02:53.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://basercms.net/security/JVN_53682526"
},
{
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-42486",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:02:53.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20683 (GCVE-0-2021-20683)
Vulnerability from cvelistv5
Published
2021-03-26 08:50
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: versions prior to 4.4.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.5"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN64869876",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN64869876"
},
{
"name": "https://jvn.jp/en/jp/JVN64869876/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20683",
"datePublished": "2021-03-26T08:50:29.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20682 (GCVE-0-2021-20682)
Vulnerability from cvelistv5
Published
2021-03-26 08:50
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: versions prior to 4.4.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.5"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN64869876",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN64869876"
},
{
"name": "https://jvn.jp/en/jp/JVN64869876/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20682",
"datePublished": "2021-03-26T08:50:28.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20681 (GCVE-0-2021-20681)
Vulnerability from cvelistv5
Published
2021-03-26 08:50
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: versions prior to 4.4.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:27.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.5"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN64869876",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN64869876"
},
{
"name": "https://jvn.jp/en/jp/JVN64869876/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20681",
"datePublished": "2021-03-26T08:50:27.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0569 (GCVE-0-2018-0569)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0569",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0572 (GCVE-0-2018-0572)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0572",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0573 (GCVE-0-2018-0573)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0573",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0574 (GCVE-0-2018-0574)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0574",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0570 (GCVE-0-2018-0570)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0570",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0571 (GCVE-0-2018-0571)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unrestricted Upload of File with Dangerous Type
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0571",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0575 (GCVE-0-2018-0575)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0575",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10842 (GCVE-0-2017-10842)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: 3.0.14 and earlier Version: 4.0.5 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "3.0.14 and earlier"
},
{
"status": "affected",
"version": "4.0.5 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "3.0.14 and earlier"
},
{
"version_value": "4.0.5 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN78151490",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10842",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10843 (GCVE-0-2017-10843)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary File Deletion
Summary
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: 3.0.14 and earlier Version: 4.0.5 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "3.0.14 and earlier"
},
{
"status": "affected",
"version": "4.0.5 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the \"File\" field is being used in the mail form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "3.0.14 and earlier"
},
{
"version_value": "4.0.5 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the \"File\" field is being used in the mail form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN78151490",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN78151490"
},
{
"name": "JVN#78151490",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN78151490/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10843",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4878 (GCVE-0-2016-4878)
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery
Summary
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: version 3.0.10 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4878",
"datePublished": "2017-05-12T18:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:38.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4883 (GCVE-0-2016-4883)
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: version 3.0.10 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4883",
"datePublished": "2017-05-12T18:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:39.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4876 (GCVE-0-2016-4876)
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery
Summary
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: version 3.0.10 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://basercms.net/security/JVN92765814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
},
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "MISC",
"url": "http://basercms.net/security/JVN92765814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4876",
"datePublished": "2017-05-12T18:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:39.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4882 (GCVE-0-2016-4882)
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery
Summary
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Version: version 3.0.10 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "version 3.0.10 and earlier"
}
]
}
],
"datePublic": "2016-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "version 3.0.10 and earlier"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4882",
"datePublished": "2017-05-12T18:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:39.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}