Moderate severityNVD Advisory· Published Jun 26, 2018· Updated Aug 5, 2024

CVE-2018-0570

Description

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
baserproject/basercmsPackagist	>= 4.0.0, <= 4.1.0.1	—
baserproject/basercmsPackagist	<= 3.0.15	—

Affected products

Basercms/Basercmsv5
Range: (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN67881316/index.htmlghsathird-party-advisoryx_refsource_JVNWEB
github.com/advisories/GHSA-994g-74gq-5qprghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2018-0570ghsaADVISORY
basercms.net/security/JVN67881316ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000