Security Advisories - baserproject/basercms

baserproject/basercms Security Advisories for 3.0.9.1 (38)

[HIGH] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature

PKSA-vwf1-pc89-hwmm CVE-2024-46998 GHSA-p3m2-mj3j-j49x

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

PKSA-2n26-3nmt-wj9x CVE-2024-46996 GHSA-66jv-qrm3-vvfg

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request

PKSA-p655-dyj9-4mvs CVE-2024-46995 GHSA-mr7q-fv7j-jcgv

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature

PKSA-xcdb-2rf5-69bx CVE-2024-46994 GHSA-wrjc-fmfq-w3jr

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting vulnerability in Site search Feature

PKSA-mwdp-p7zx-ctg9 CVE-2023-44379 GHSA-66c2-p8rh-qx87

Affected version: <5.0.9

Reported by:
GitHub
[MEDIUM] baserCMS OS command injection vulnerability in Installer

PKSA-8rh3-g94s-b7nm CVE-2023-51450 GHSA-77fc-4cv5-hmfr

Affected version: <5.0.9

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting vulnerability in Content Management

PKSA-6q5n-gkcc-h3dr CVE-2024-26128 GHSA-jjxq-m8h3-4vw5

Affected version: <5.0.9

Reported by:
GitHub
[MEDIUM] baserCMS CSRF vulnerability in Content preview Feature

PKSA-nxwy-9p2v-qc9n CVE-2023-43649 GHSA-fw9x-cqjq-7jx5

Affected version: <4.8.0

Reported by:
GitHub
[MEDIUM] baserCMS Directory Traversal vulnerability in Form submission data management Feature

PKSA-22d5-943w-6dy7 CVE-2023-43648 GHSA-hmqj-gv2m-hq55

Affected version: <4.8.0

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting vulnerability in File upload Feature

PKSA-bxhm-kd8v-fz1m CVE-2023-43647 GHSA-ggj4-78rm-6xgv

Affected version: <4.8.0

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting Vulnerability in Favorites Feature

PKSA-fcwx-h4gs-44bz CVE-2023-29009 GHSA-8vqx-prq4-rqrq

Affected version: <4.8.0

Reported by:
GitHub
[CRITICAL] baserCMS allows any file to be uploaded

PKSA-986w-k86s-1jm5 CVE-2023-25655 GHSA-mfvg-qwcw-qvc8

Affected version: <4.7.5

Reported by:
GitHub
[CRITICAL] baserCMS File Uploader Remote Code Execution (RCE) vulnerability

PKSA-by4q-b96z-rq2t CVE-2023-25654 GHSA-h4cc-fxpp-pgw9

Affected version: <4.7.5

Reported by:
GitHub
[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

PKSA-6fzq-jkcg-kvtm CVE-2022-42486 GHSA-7w2v-35j3-xrm9

Affected version: <4.7.2

Reported by:
GitHub
[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

PKSA-rfzx-7pgr-3782 CVE-2022-41994 GHSA-vxwf-79ch-f7f7

Affected version: <4.7.2

Reported by:
GitHub
[MEDIUM] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

PKSA-bbz7-vqbc-jf2x CVE-2022-39325 GHSA-395x-wv32-44v5

Affected version: <=4.7.1

Reported by:
GitHub
[HIGH] baserCMS Cross Site Request Forgery vulnerability

PKSA-1qz8-csg4-prc7 CVE-2016-4878 GHSA-fg52-rc36-jp43

Affected version: <=3.0.10

Reported by:
GitHub
[HIGH] CSRF in baserCMS 3.0.10 and earlier

PKSA-9mcy-f7ck-m82n CVE-2016-4881 GHSA-46vm-rwrf-jrxm

Affected version: <=3.0.10

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting vulnerability

PKSA-thtw-3bwb-zdk3 CVE-2016-4880 GHSA-mxfv-c8p8-qw5h

Affected version: <=3.0.10

Reported by:
GitHub
[HIGH] OS Command Injection in baserCMS

PKSA-c4rk-2jz5-4tyq CVE-2018-0569 GHSA-6j3p-vrph-j7qq

Affected version: <=3.0.15|>=4.0.0,<=4.1.0.1

Reported by:
GitHub
[MEDIUM] XSS in baserCMS

PKSA-cyw9-qq1g-nwx1 CVE-2018-0574 GHSA-6qjv-43mf-rgrh

Affected version: <=3.0.15|>=4.0.0,<=4.1.0.1

Reported by:
GitHub
[MEDIUM] XSS in baserCMS

PKSA-bj1j-gbj3-vmp3 CVE-2018-0570 GHSA-994g-74gq-5qpr

Affected version: <=3.0.15|>=4.0.0,<=4.1.0.1

Reported by:
GitHub
[MEDIUM] baserCMS arbitrary file upload vulnerability

PKSA-h216-2sbv-hp35 CVE-2018-0571 GHSA-3mcp-6rv6-c69g

Affected version: <=3.0.15|>=4.0.0,<=4.1.0.1

Reported by:
GitHub
[MEDIUM] Sensitive Data Exposure in baserCMS

PKSA-g4t1-591m-5dfv CVE-2018-0575 GHSA-w935-p7mg-xc96

Affected version: <=3.0.15|>=4.0.0,<=4.1.0.1

Reported by:
GitHub
[MEDIUM] XSS in baserCMS before 4.1.4

PKSA-576q-v6sb-s2wt CVE-2018-18943 GHSA-fx2m-5m9v-jhgp

Affected version: <4.1.4

Reported by:
GitHub
[HIGH] Code Injection in baserCMS

PKSA-176d-ts76-npnm CVE-2017-10844 GHSA-69gw-v5ph-6vxq

Affected version: >=4.0.0,<=4.0.5|<=3.0.14

Reported by:
GitHub
[CRITICAL] baserCMS SQL Injection vulnerability

PKSA-5741-4p34-1hqy CVE-2017-10842 GHSA-jc94-wp59-pq4f

Affected version: >=4.0.0,<=4.0.5|<=3.0.14

Reported by:
GitHub
[HIGH] baserCMS vulnerable to Access Control Bypass

PKSA-4367-8sj1-wnn9 CVE-2018-0572 GHSA-mjj9-33j8-pfwh

Affected version: <=3.0.15|>=4.0.0,<=4.1.0.1

Reported by:
GitHub
[MEDIUM] baserCMS Access Control Bypass

PKSA-2k82-1qg8-pkxy CVE-2018-0573 GHSA-33fq-qm4m-cjw3

Affected version: >=4.0.0,<=4.1.0.1|<=3.0.15

Reported by:
GitHub
[HIGH] Arbitrary file delete in baserCMS

PKSA-rgkc-9xgq-tp6f CVE-2017-10843 GHSA-x73x-7gmx-w835

Affected version: >=4.0.0,<=4.0.5|<=3.0.14

Reported by:
GitHub
[HIGH] CSRF in baserCMS 3.0.10 and earlier

PKSA-mxr2-ynjv-n2vb CVE-2016-4879 GHSA-397g-4jpj-44xg

Affected version: <=3.0.10

Reported by:
GitHub
[HIGH] RCE in baserCMS before 4.1.4

PKSA-zrgf-b4wd-25sd CVE-2018-18942 GHSA-rjc2-x53r-6c9r

Affected version: <4.1.4

Reported by:
GitHub
[CRITICAL] OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS

PKSA-8sn2-zvy7-x3wh CVE-2021-41243 GHSA-7rpc-9m88-cf9w

Affected version: <4.5.4

Reported by:
GitHub
[HIGH] Potential Zip Slip Vulnerability in baserCMS

PKSA-1pv2-4z3b-ffqj CVE-2021-41279 GHSA-4x2f-54wr-4hjg

Affected version: <4.5.4

Reported by:
GitHub
[HIGH] Cross-site scripting vulnerability in file upload

PKSA-wns2-ncyt-ck6c CVE-2021-39136 GHSA-hgjr-632x-qpp3

Affected version: <=4.5.0

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in baserCMS

PKSA-fnvn-dwyj-npvb CVE-2021-20683 GHSA-v9w8-hq92-v39m

Affected version: <4.4.5

Reported by:
GitHub
[HIGH] OS Command Injection in baserCMS

PKSA-q92h-r6kb-v79s CVE-2021-20682 GHSA-g39q-f4rm-85x4

Affected version: <4.4.5

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in baserCMS

PKSA-gs8f-m49s-36b8 CVE-2021-20681 GHSA-24p5-x9f9-vvpx

Affected version: <4.4.5

Reported by:
GitHub

baserproject/basercms Security Advisories for 3.0.9.1 (38)

[HIGH] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature

[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request

[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature

[MEDIUM] baserCMS Cross-site Scripting vulnerability in Site search Feature

[MEDIUM] baserCMS OS command injection vulnerability in Installer

[MEDIUM] baserCMS Cross-site Scripting vulnerability in Content Management

[MEDIUM] baserCMS CSRF vulnerability in Content preview Feature

[MEDIUM] baserCMS Directory Traversal vulnerability in Form submission data management Feature

[MEDIUM] baserCMS Cross-site Scripting vulnerability in File upload Feature

[MEDIUM] baserCMS Cross-site Scripting Vulnerability in Favorites Feature

[CRITICAL] baserCMS allows any file to be uploaded

[CRITICAL] baserCMS File Uploader Remote Code Execution (RCE) vulnerability

[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

[MEDIUM] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

[HIGH] baserCMS Cross Site Request Forgery vulnerability

[HIGH] CSRF in baserCMS 3.0.10 and earlier

[MEDIUM] baserCMS Cross-site Scripting vulnerability

[HIGH] OS Command Injection in baserCMS

[MEDIUM] XSS in baserCMS

[MEDIUM] XSS in baserCMS

[MEDIUM] baserCMS arbitrary file upload vulnerability

[MEDIUM] Sensitive Data Exposure in baserCMS

[MEDIUM] XSS in baserCMS before 4.1.4

[HIGH] Code Injection in baserCMS

[CRITICAL] baserCMS SQL Injection vulnerability

[HIGH] baserCMS vulnerable to Access Control Bypass

[MEDIUM] baserCMS Access Control Bypass

[HIGH] Arbitrary file delete in baserCMS

[HIGH] CSRF in baserCMS 3.0.10 and earlier

[HIGH] RCE in baserCMS before 4.1.4

[CRITICAL] OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS

[HIGH] Potential Zip Slip Vulnerability in baserCMS

[HIGH] Cross-site scripting vulnerability in file upload

[MEDIUM] Cross-site Scripting (XSS) in baserCMS

[HIGH] OS Command Injection in baserCMS

[MEDIUM] Cross-site Scripting (XSS) in baserCMS