CVE-2022-42486

Description

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

baserCMS Users Community / baserCMSversions prior to 4.7.2 – versions prior to 4.7.2

References

MISChttps://basercms.net/security/JVN_53682526
MISChttps://jvn.jp/en/jp/JVN53682526/index.html