VYPR
Moderate severity · NVD Advisory · Published Oct 24, 2024 · Updated Oct 24, 2024

baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request

CVE-2024-46995

Description

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

baserCMS prior to 5.1.2 has a reflected XSS vulnerability via HTTP 400 Bad Request error pages, allowing script execution.

Vulnerability

Overview

baserCMS, a PHP website development framework built on CakePHP, is vulnerable to reflected cross-site scripting (XSS) in its handling of HTTP 400 Bad Request errors. Versions prior to 5.1.2 are affected. The flaw stems from request data being reflected into the 400 error page without being sanitized or HTML-escaped, so the victim's browser renders attacker-controlled markup as part of the error response. Error handlers are a classic reflection sink because they are often rendered outside the template layer where the application's normal escaping applies.[1]

Exploitation

Details

The vulnerability is triggerable remotely without authentication. An attacker crafts a URL whose request provokes a 400 Bad Request response from baserCMS, with the reflected request data carrying the injected script. No privileges are required, but user interaction is: the victim must open the crafted link in a browser. As scored here, the impact stays within the web application itself.[2]
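The two paragraphs above describe the flaw class (request data reflected raw into a 400 page) and how it is triggered (a crafted URL that produces the 400). The following Python is an added illustration, not baserCMS or CakePHP code and not the advisory's actual trigger, which it does not disclose: a hypothetical 400 handler in its vulnerable and hardened forms, plus a classifier a practitioner can run over a captured 400 response to tell an unescaped reflection from an escaped one. The probe marker carries only the HTML metacharacters that decide exploitability and no script, so it is safe to send against a staging instance; the renderer functions, the marker and the sample responses are all constructed for this example.

```python
import html
from http import HTTPStatus

# Hypothetical 400 handler that builds the error page outside the template
# engine and interpolates the request target raw. Constructed to show the
# flaw class; it is not baserCMS's or CakePHP's own code.
def render_400_vulnerable(request_target: str, reason: str) -> str:
    return (
        "<html><body><h1>400 Bad Request</h1>"
        f"<p>{reason}: {request_target}</p></body></html>"
    )

# Hardened variant: every request-derived string is HTML-escaped before it
# is placed in element content. html.escape() encodes & < > " and '.
def render_400_fixed(request_target: str, reason: str) -> str:
    return (
        "<html><body><h1>400 Bad Request</h1>"
        f"<p>{html.escape(reason)}: {html.escape(request_target)}</p></body></html>"
    )

# Probe marker for a safe reflection check: a unique token (findable even
# after escaping) wrapped around the metacharacters that matter in HTML and
# attribute context. It contains no script and is inert in a browser.
TOKEN = "vyprq7"
MARKER = f"{TOKEN}<\">'{TOKEN}"


def classify_response(status: int, body: str) -> str:
    """Classify a response to a request that carried MARKER.

    reflected-unescaped: < > " ' survived intact, i.e. an XSS sink
    reflected-escaped:   the token is present but metacharacters were encoded
    not-reflected:       the request data does not appear in the body at all
    not-400:             the request did not reach the 400 page under test
    """
    if status != HTTPStatus.BAD_REQUEST:
        return "not-400"
    if MARKER in body:
        return "reflected-unescaped"
    if TOKEN in body:
        return "reflected-escaped"
    return "not-reflected"


def demo() -> dict:
    """Run the classifier against both renderers with the same probe."""
    target = "/pages/?q=" + MARKER  # constructed request target
    return {
        "vulnerable": classify_response(400, render_400_vulnerable(target, "Bad Request")),
        "fixed": classify_response(400, render_400_fixed(target, "Bad Request")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

On the wire the marker would be percent-encoded by the client; what the classifier judges is the decoded reflection in the response body, which is what a browser renders. A "reflected-escaped" verdict on a fixed 5.1.2 instance is the expected outcome; "reflected-unescaped" on any 400 page, whatever the product, is a finding worth reporting.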

Impact

Successful exploitation executes attacker-supplied JavaScript in the victim's browser within the origin of the baserCMS site. That allows stealing session cookies (unless they are marked HttpOnly, which blocks document.cookie access but not requests the script makes with the victim's session), performing actions as the logged-in user, including an administrator, reading sensitive page content, and redirecting the user to attacker-controlled sites. The CVSS vector indicates low attack complexity and no privileges required.[2]

Mitigation

The vulnerability is patched in baserCMS 5.1.2; upgrade without delay. No workaround is provided for older versions.[1][2] General XSS defense in depth, such as a strict Content-Security-Policy and HttpOnly session cookies, limits what an injected script can do but does not remove the reflection and is not a substitute for the upgrade.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                 Ecosystem   Affected versions   Patched versions
baserproject/basercms   Packagist   < 5.1.2             5.1.2

Affected products: 2

Patches: 0. No patch commits have been linked to this CVE yet; the fixed release is baserCMS 5.1.2 (see Affected packages).


References: 5

News mentions: 0. No linked articles in the index yet.