Basercms
Sign in to watchby Basercms
Source repositories
CVEs (37)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41994 | 0.00 | — | 0.00 | Dec 7, 2022 | Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | ||
| CVE-2022-42486 | 0.00 | — | 0.00 | Dec 7, 2022 | Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | ||
| CVE-2021-20683 | 0.00 | — | 0.00 | Mar 26, 2021 | Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | ||
| CVE-2021-20682 | 0.00 | — | 0.02 | Mar 26, 2021 | baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2021-20681 | 0.00 | — | 0.00 | Mar 26, 2021 | Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | ||
| CVE-2018-0572 | 0.00 | — | 0.00 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | ||
| CVE-2018-0574 | 0.00 | — | 0.00 | Jun 26, 2018 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2018-0571 | 0.00 | — | 0.00 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | ||
| CVE-2018-0570 | 0.00 | — | 0.00 | Jun 26, 2018 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2018-0573 | 0.00 | — | 0.00 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | ||
| CVE-2018-0569 | 0.00 | — | 0.01 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2018-0575 | 0.00 | — | 0.00 | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | ||
| CVE-2015-5641 | 0.00 | — | 0.00 | Oct 6, 2015 | SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2015-5640 | 0.00 | — | 0.00 | Oct 6, 2015 | baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | ||
| CVE-2012-1248 | 0.00 | — | 0.01 | May 15, 2012 | app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain. | ||
| CVE-2011-2674 | 0.00 | — | 0.00 | Oct 2, 2011 | BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | ||
| CVE-2011-2673 | 0.00 | — | 0.00 | Oct 2, 2011 | Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Page 2 of 2